ProGuard
Following are words from http://proguard.sourceforge.net
who are inventor of it.
ProGuard is a free Java class file shrinker, optimizer, obfuscator, and
preverifier. It detects and removes unused classes, fields, methods, and
attributes.
- Shrinker : It will remove all the
classes and methods which are not used by you from classes you developed and
library you have used.
- Optimizer : to improve performance
and size of your application
- Obfuscator : It will rename all
classes, methods, object names and jumble them. This will make your
application harder to reverse engineer.
So, now you get idea about what ProGarud means.
But how we can use it in Android application?
Answer is,
ProGuard is integrated into the Android Build system. So you don't need
to take those libraries and manually use those. You can not run ProGuard every
time. When you release your build, then and only it runs and perform its task.
Step 1: Use ProGuard in Android Application
To enable ProGuard, you need to open your "<project_root>/project.properties" file.
It will look like below.
# This file is automatically generated by Android Tools.
# Do not modify this file -- YOUR CHANGES WILL BE ERASED!
#
# This file must be checked in Version Control Systems.
#
# To customize properties used by the Ant build system edit
# "ant.properties", and override values to adapt the script to your
# project structure.
#
# To enable ProGuard to shrink and obfuscate your code, uncomment this
(available properties: sdk.dir, user.home):
#proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt#
Project target.
target=android-18
You can see that WARNING at the beginning of line. But you can ignore it. Now
come to 3rd line from bottom. It says
# To enable ProGuard to shrink and obfuscate your code, uncomment this
(available properties: sdk.dir, user.home):
So, what you need to do is, remove comment from its immediate below line. This
will enable ProGuard in your application.
Step 2: Release Build
After completing Step-1, you can now release your build. To do that
Right Click your Project -> Export -> Export Android Application -> Perform Next
Step
And follow steps.
If your application successfully compiled and build, you can see one Directory
added in your Project named "ProGuard". This contains following files.
- dumb.txt : this describes the
internal structure of all the class file in the .apk file
- mapping.txt : Lists the mapping
between the original and obfuscated class, methods and object names.
- seeds.txt : Lists the classes and
members those are not obfuscated
- usage.txt : Lists the code that
was stripped from the .apk
Step 3: If Warning from ProGuard and return
0
This step is optional if you not found any error from ProGuard. But if you found
some error messages in console regarding your library classes, you need to
follow this step.
Open <project_root>/proguard-project.txt
Then at bottom of file, you need to write following line
-dontwarn twitter4j.internal.logging.**
-dontwarn org.apache.http.**
What this defines? If you have warning like twitter4j.internal.logging.XYZ class
not referenced, then you need to take parent package name to stop warning from
build.
Summary
In this article, we learned what is ProGuard? How it will help to protect our
application from Reverse Engineering.