Android Development Practice: Code obfuscation with Proguard

Because Android code is mostly Java code, it is easy to decompile, fortunately, Android ADT for us to integrate the tool of confusing code, one can confuse our code, so that the program is anti-compilation after the basic understanding, but also can play the role of code optimization. Currently, it is recommended to turn on the code obfuscation feature of Android.

Android ADT mainly through the Proguard tool to provide code confusion, there are quite a lot of blog posts on the web to say this, but feel a lot of is too complicated to introduce, here I will be a question and answer the way to more concise introduction of the next Proguard bar.

1. What is Proguard?

Proguard is a tool used to confuse and optimize Java code.

How you work: Remove invalid code, replacing the class name and function name in your code with obscure names.

Note that it can only confuse Java code, Android project native code, resource file (picture, XML), it is not confusing.

2. How to turn on Proguard

Modify the Android project root directory under the Project.Properties file, put proguard.config= .... The comment "#" in front of this line is removed.

This line specifies the default Proguard configuration file for the system, which is located in the Android Sdk/tools/proguard directory.

Of course, you can also write your own configuration file, but it is not recommended, so the system default configuration already covers a lot of common details, if you have additional configuration, you can add in the Proguard-project.txt file.

Note: The confusing configuration will only work if the release version of the APK is generated, and the debug version of the APK will not be confused.

3. Which content needs to be manually configured

The system default configuration already covers most of the content, but if you have the following in your project, you will need to manually add the configuration to the Proguard-project.txt file.

(1) classes referenced only in Androidmanifest.xml

(2) function called by Jni callback method

(3) Function or member variable that is called dynamically at run time

(4) Of course, if you are not sure which manual configuration is required, you can generate the program in the default configuration, and when the classnotfoundexception exception is found in the run, you will find which class should not be confused.

4. Manually configured rules

Manually added configurations, typically beginning with "-keep", are examples of common configuration commands, respectively:

Imagine an Android project that has an interface and a class:

Package com.ticktick.example;                                                                                                                                                                                    Public interface TestInterface {public void Test ();                                                                                                                                                                                                       public class Test {                                                                                                               Private STR    ing mteststring;    private final int mminvalue;                                                                                                                                                                                                                       private final int mmaxvalue;        Public Test (int min, int max) {mminvalue = min;    Mmaxvalue = max;                                                                                                                                                                                                                                                   } public int Getmin  Value () {      return mminvalue;                                                                                                                                                                                                                                                   } public int Getmaxvalue    () {return mmaxvalue;                                                                                                                                                                                                                                                   } public void Setteststr    ing (String teststr) {mteststring = Teststr; }}

(1) Do not confuse the constructors of a class

For example: Do not confuse the constructor of the test class:

-keepclassmembers classcom.ticktick.example.Test {public    <init> (int,int);}

(2) Do not confuse all classes or specified classes of a package

For example, do not confuse all classes/interfaces under package Com.ticktick.example

-keep class com.ticktick.example.** {*;}

For example, do not confuse the Com.ticktick.example.Test class:

-keep class Com.ticktick.example.Test {*;}

If you want to not confuse an interface, replace the class in the above command with interface.

(3) Do not confuse a particular function of a class

For example: Do not confuse the setteststring function of the Com.ticktick.example.Test class:

-keepclassmembers classcom.ticktick.example.Test {public    void setteststring (java.lang.String);}

(4) Do not confuse subclasses of a class, implementation of an interface

For example: Do not confuse subclasses of the Com.ticktick.example.Test class

-keep public class * extends Com.ticktick.example.Test

For example: Do not confuse the implementation of Com.ticktick.example.TestInterface

-keep class * Implementscom.ticktick.example.TestInterface {public    static final Com.ticktick.example.testinterface$creator *;}

(5) Add a third-party dependency package

Example: Adding a Android-support-v4.jar dependency package

-libraryjarslibs/android-support-v4.jar-dontwarnandroid.support.v4.**{*;} -keep class android.support.v4.**{*;} -keep interface android.support.v4.**{*;}

Note: You need to add Dontwarn, because by default proguard will check whether each reference is correct, but the third-party library is often not used in the class, there is no correct reference, so if not configured, the system will error.

5. Confusion after debugging information analysis

When the code is confused, the output log information is also confused, such as the function name and the class name are replaced with obscure names, and inconsistent with the code.

As a result, the Proguard tool also provides tools and files for recovering confusing content.

When you turn on Proguard confusion, each time you generate a release version of the APK, the root directory of the Andriod project will generate a Proguard folder, The Mapping.txt file under this folder records the corresponding relationship between the confused name and the first name, through which we reverse the recovered log information.

Assuming that the log file is named Log.txt, the command to recover the confusion is:

$retrace. Sh-verbose Mapping.txt Log.txt

Note The 1:retrace.sh command is located in the <sdk_root>/tools/proguard/directory

NOTE 2: You need to save each release version of the Mapping.txt, because each release of the confusion results and mapping relationships are different.

About Android code obfuscation I summed up here, you can also go to Proguard's official website for more detailed introduction of Proguard, have any questions welcome message or letter [email protected] exchange.

This article is from the "Shadow Three People" blog, be sure to keep this source http://ticktick.blog.51cto.com/823160/1413066