ProGuard: Secure Your APK from Reverse Engineering in Android

The following description comes from http://proguard.sourceforge.net, the site of the people who created it.

ProGuard is a free Java class file shrinker, optimizer, obfuscator, and preverifier. It detects and removes unused classes, fields, methods, and attributes. It optimizes bytecode and removes unused instructions. It renames the remaining classes, fields, and methods using short meaningless names.

[Figure: signing APK flow]

  1. Shrinker: removes all the classes and methods that you do not use, both from the classes you developed and from the libraries you have used.
  2. Optimizer: improves the performance and size of your application.
  3. Obfuscator: renames all classes, methods and object names and jumbles them. This makes your application harder to reverse engineer.

So now you have an idea of what ProGuard means. But how can we use it in an Android application?

The answer is:

ProGuard is integrated into the Android build system, so you don’t need to take those libraries and use them manually. ProGuard does not run every time you build. It runs and performs its task only when you release your build.

Step 1: Use ProGuard in Android Application

To enable ProGuard, open your “/project.properties” file. It will look like the following.

You can see the WARNING at the beginning of the line, but you can ignore it. Now go to the 3rd line from the bottom. It says

So what you need to do is uncomment the line immediately below it. This will enable ProGuard in your application.

Step 2: Release Build

After completing Step 1, you can release your build. To do that:

Right Click your Project -> Export -> Export Android Application -> Perform Next Step

Then follow the steps.

If your application compiled and built successfully, you will see a directory named “ProGuard” added to your project. It contains the following files.

  1. dump.txt: describes the internal structure of all the class files in the .apk file.
  2. mapping.txt: lists the mapping between the original and obfuscated class, method and object names.
  3. seeds.txt: lists the classes and members that are not obfuscated.
  4. usage.txt: lists the code that was stripped from the .apk.
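
mapping.txt is the file that turns a crash trace from the obfuscated release back into readable names. The sketch below is an added example, not code from the original article or from ProGuard (which ships its own ReTrace tool for this job); the sample mapping, the sample trace and the `com.example.app` names are constructed.

```python
import re

# Constructed sample in the layout ProGuard writes to mapping.txt (not a real build).
SAMPLE_MAPPING = """\
com.example.app.LoginActivity -> com.example.app.a:
    java.lang.String token -> a
    void onCreate(android.os.Bundle) -> onCreate
    12:20:boolean checkPin(java.lang.String) -> a
com.example.app.net.ApiClient -> com.example.app.b:
    40:52:java.lang.String fetch(java.lang.String) -> a
    60:61:void close() -> a
"""
# Constructed crash trace as logged by the obfuscated release build.
SAMPLE_TRACE = """\
java.lang.NullPointerException
    at com.example.app.b.a(Unknown Source)
    at com.example.app.a.a(Unknown Source)
    at android.app.Activity.performCreate(Activity.java:5008)
"""

CLASS_RE = re.compile(r"^(\S+) -> (\S+):$")
# Optional "first:last:" line range, return type, name(args), then the new name.
METHOD_RE = re.compile(r"^\s+(?:\d+:\d+:)?\S+ ([^\s(]+)\(.*\)(?::\d+)* -> (\S+)$")
FRAME_RE = re.compile(r"^(\s*at )([\w.$]+)\.([\w$<>]+)(\(.*\))$")

def parse_mapping(text):
    """Map obfuscated class -> (original class, {obfuscated method: original names})."""
    classes, current = {}, None
    for line in text.splitlines():
        c, m = CLASS_RE.match(line), METHOD_RE.match(line)
        if c:
            current = classes[c.group(2)] = (c.group(1), {})
        elif m and current:  # field lines have no "(" and are skipped
            current[1].setdefault(m.group(2), set()).add(m.group(1))
    return classes

def retrace_line(line, classes):
    """Rewrite one 'at pkg.Class.method(...)' frame; other lines pass through."""
    m = FRAME_RE.match(line)
    if not m or m.group(2) not in classes:
        return line
    original_class, methods = classes[m.group(2)]
    # Methods with different signatures can share one short name: list every candidate.
    names = "|".join(sorted(methods.get(m.group(3), {m.group(3)})))
    return f"{m.group(1)}{original_class}.{names}{m.group(4)}"

if __name__ == "__main__":
    mapping = parse_mapping(SAMPLE_MAPPING)
    print("\n".join(retrace_line(l, mapping) for l in SAMPLE_TRACE.splitlines()))
```

Because this file undoes the renaming, archive the mapping.txt of every release build next to that build and keep it out of the shipped APK and out of public repositories.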

Step 3: If ProGuard Gives Warnings and Returns 0

This step is optional if you do not get any error from ProGuard. But if you see error messages in the console regarding your library classes, you need to follow this step.

Open “/proguard-project.txt”

Then, at the bottom of the file, write the following line

What does this define? If you have a warning such as twitter4j.internal.logging.XYZ class not referenced, you need to use the parent package name to stop the warning from the build.

Summary

In this article, we learned what ProGuard is and how it helps protect our application from reverse engineering.
