ProGuard Secure your APK from Reverse Engineering in Android

Following are words from http://proguard.sourceforge.net who are inventor of it.

ProGuard is a free Java class file shrinker, optimizer, obfuscator, and preverifier. It detects and removes unused classes, fields, methods, and attributes. It optimizes bytecode and removes unused instructions. It renames the remaining classes, fields, and methods using short meaningless names.

signing apk flow

  1. Shrinker : It will remove all the classes and methods which are not used by you from classes you developed and library you have used.
  2. Optimizer : to improve performance and size of your application
  3. Obfuscator : It will rename all classes, methods, object names and jumble them. This will make your application harder to reverse engineer.

So, now you get idea about what ProGarud means. But how we can use it in Android application?

Answer is,

ProGuard is integrated into the Android Build system. So you don’t need to take those libraries and manually use those. You can not run ProGuard every time. When you release your build, then and only it runs and perform its task.

Step 1: Use ProGuard in Android Application

To enable ProGuard, you need to open your “/project.properties” file. It will look like below.

You can see that WARNING at the beginning of line. But you can ignore it. Now come to 3rd line from bottom. It says

So, what you need to do is, remove comment from its immediate below line. This will enable ProGuard in your application.

Step 2: Release Build

After completing Step-1, you can now release your build. To do that

Right Click your Project -> Export -> Export Android Application -> Perform Next Step

And follow steps.

If your application successfully compiled and build, you can see one Directory added in your Project named “ProGuard”. This contains following files.

  1. dumb.txt : this describes the internal structure of all the class file in the .apk file
  2. mapping.txt : Lists the mapping between the original and obfuscated class, methods and object names.
  3. seeds.txt : Lists the classes and members those are not obfuscated
  4. usage.txt : Lists the code that was stripped from the .apk

Step 3: If Warning from ProGuard and return 0

This step is optional if you not found any error from ProGuard. But if you found some error messages in console regarding your library classes, you need to follow this step.

Open “/proguard-project.txt

Then at bottom of file, you need to write following line

What this defines? If you have warning like twitter4j.internal.logging.XYZ class not referenced, then you need to take parent package name to stop warning from build.

Summary

In this article, we learned what is ProGuard? How it will help to protect our application from Reverse Engineering.

You may also like to read

Develop apps faster using Data Binding – Par... Google has been pushing updates to existing tools and making the life of android developers easier. They also have been releasing new libraries and AP...
Resizable Rectangle Overlay on Touch in Android When I read this question http://stackoverflow.com/questions/8974088/how-to-create-a-resizable-rectangle-with-user-touch-events-on-android on StackOve...
Android 6.0 “M” – new features r... Google is providing a newer version of Android OS each year. This time also we are expecting a newer version of Android 6.0 by the end of this year. ...
Using Facebook’s Shimmer effect in Android &... In this tutorial, you will learn how to implement "Shimmer effect" developed by Facebook in RecyclerView for Android. In Facebook, you see that un...
Share on Facebook1Share on Google+0Tweet about this on TwitterShare on LinkedIn0Share on Reddit0Pin on Pinterest0Share on Tumblr0Email this to someone
  • What’s up to every one, because I am truly eager of reading this web site’s post to be updated
    daily. It includes good material.