How to use Proguard in Android

As an Android developer, when you create an application you have to keep in mind to protect your source code.

As you put apk in the market, anyone can get the code from the apk. They can miss-use the code and key-functionalities of your app(think, if the app has payment transactions or such secure information).

Android provides “proguard” tool, which helps to safe your source code.

It is easy to implement the proguard in your android app.

Below are the steps which you should follow to use proguard(In eclipse 3.6.2).

Step 1: Enabling Proguard

In your android project, see the file project.properties.

Add the following line in that file

proguard.config=proguard.cfg (its default location of file)

If you have moved the location of file then give absolute path as,

proguard.config=/path/to/proguard.cfg

 

Step 2: Configuring Proguard

For some situations, the default configurations in the proguard.cfg file will suffice. However, many situations are hard for ProGuard to analyze correctly and it might remove code that it thinks is not used, but your application actually needs.

To avoid errors when proguard strips away your code, and your class is declared in manifest use following line :

-keep public class className

If you have included external jar files in ‘libs’ folder then proguard may give you some error like duplicate entries in MANI.MF file / other errors.For that it will be better option if we use ‘lib’ folder to keep all external jar files.

Specify all external jars seperately using -injars lib.

Example of how your cfg file will look like below:

-injars lib

-libraryjars ../../..//Android/android_sdk_mac_x86/add-ons/addon-google_apis-google-16

-optimizationpasses 5

-dontusemixedcaseclassnames

-dontskipnonpubliclibraryclasses

-dontpreverify

-dontnote

-verbose

-optimizations !code/simplification/arithmetic,!field/*,!class/merging/*

-dontwarn sun.misc.Unsafe, java.lang.management.ManagementFactory, org.codehaus.jackson.JsonParser, org.json.JSONObject, org.codehaus.jackson.JsonGenerator, org.codehaus.jackson.JsonFactory, com.google.common.collect.MinMaxPriorityQueue


-keep public class * extends android.app.Application

-keep public class com.android.vending.licensing.ILicensingService

-keepclasseswithmembernames class * {

    native;

}

-keepclasseswithmembers class * {

    public(android.content.Context, android.util.AttributeSet);

}

 -keepclasseswithmembers class * {

    public(android.content.Context, android.util.AttributeSet, int);

}

 -keepclassmembers class * extends android.app.Activity {

   public void *(android.view.View);

}

 -keepclassmembers enum * {

    public static **[] values();

    public static ** valueOf(java.lang.String);

}

 -keep class * implements android.os.Parcelable {

  public static final android.os.Parcelable$Creator *;

}

To troubleshoot the error while compiling the proguard refer,


http://proguard.sourceforge.net/index.html#manual/troubleshooting.html

Step 3: Export the apk file.

for reference use following link – http://developer.android.com/tools/help/proguard.html

 

How to view the code from apk

To check how our source code will look from the apk once proguard is added below steps are useful.

Step 1. Change the extension of apk from apk to zip.

Step 2. Unzip the zip file.You will see files including android_manifest.xml , assets, classes.dex etc.

Step 3. Download dex2jar from http://code.google.com/p/dex2jar/wiki/UserGuide

Follow the steps given there to run dx2jar command.

Step 4. It will create classes.jar file. To view all contents of jar file use JavaDecompiler. (http://java.decompiler.free.fr/?q=jdgui)