Android obfuscation Packaging

Before that, I read the proguard official website and found the relevant information.

ProGuard Introduction

ProGuard is a well-known open-source project on SourceForge. Official Website: http://proguard.sourceforge.net /.

Java bytecode is generally very easy to decompile. To protect the Java source code, we often confuse compiled class files. ProGuard is mainly used for obfuscation. Of course, it can also reduce the size and optimize the bytecode, but those are secondary features for us.


The official ProGuard article is introduced as follows:

ProGuard is a free Java class file shrinker, optimizer, obfuscator, and preverifier. it detects and removes unused classes, fields, methods, and attributes. it optimizes bytecode and removes unused instructions. it renames the remaining classes, fields, and methods using short meaningless names. finally, it preverifies the processed code for Java 6 or for Java Micro Edition.


Android Eclipse development environment and ProGuard

Before Android 2.3, obfuscation of Android code can only be implemented by manually adding proguard, which is inconvenient. After 2.3, Google has added this tool to the SDK tool set. Path: SDK \ tools \ proguard. When creating a new Android project, a proguard configuration file proguard. cfg appears under the root path of the project directory. That is to say, we can use ProGuard to confuse the Android project directly in our elipse project through simple configuration. When the integrated ADTs creates a new androidproject, there will be a proguard-project.txt under the root directory of the project. In fact, this file is the same as proguard. cfg. Some configuration of obfuscation packaging can be written in this file.

I searched Proguard for obfuscation and packaging of related information, and searched for all said similar, as long as I understood some basic usage methods, which obfuscation and which do not confuse, the most common one is to filter out some components that need to be registered for android and avoid confusion between third-party packages because some third-party packages have already been obfuscated, write a basic configuration as needed. Here I have made a basic synthesis and proguard configuration as follows:

-optimizationpasses 7-dontusemixedcaseclassnames-dontskipnonpubliclibraryclasses-dontpreverify-verbose-optimizations !code/simplification/arithmetic,!field/*,!class/merging/*-keep public class * extends android.app.Activity-keep public class * extends android.app.Application-keep public class * extends android.app.Service-keep public class * extends android.content.BroadcastReceiver-keep public class * extends android.content.ContentProvider-keep public class * extends android.app.backup.BackupAgentHelper-keep public class * extends android.preference.Preference-keep public class com.android.vending.licensing.ILicensingService-keepclasseswithmembernames class * {    native 
 
  ;}-keepclasseswithmembers class * {    public 
  
   (android.content.Context, android.util.AttributeSet);}-keepclasseswithmembers class * {    public 
   
    (android.content.Context, android.util.AttributeSet, int);}-keepclassmembers class * extends android.app.Activity {     public void *(android.view.View);}-keep public class * extends android.view.View {    public 
    
     (android.content.Context);    public 
     
      (android.content.Context, android.util.AttributeSet);    public 
      
       (android.content.Context, android.util.AttributeSet, int); public void set*(...);}-keepclassmembers enum * { public static **[] values(); public static ** valueOf(java.lang.String);}-keep class * implements android.os.Parcelable { public static final android.os.Parcelable$Creator *;}-keepnames class * implements java.io.Serializable-keepclassmembers class * implements java.io.Serializable { static final long serialVersionUID; private static final java.io.ObjectStreamField[] serialPersistentFields; !static !transient 
       
        ; private void writeObject(java.io.ObjectOutputStream); private void readObject(java.io.ObjectInputStream); java.lang.Object writeReplace(); java.lang.Object readResolve();}-keepattributes Signature-keepattributes *Annotation*-keep class **.R$* { *; }-libraryjars libs/android-support-v4.jar-dontwarn android.support.v4.** -keep class android.support.v4.** { *; } -keep interface android.support.v4.** { *; }-keep public class * extends android.support.v4.** -keep public class * extends android.app.Fragment
       
      
     
    
   
  
 

It mainly retains child classes inherited from Activity, Application, Service, BroadcastReceiver, ContentProvider, BackupAgentHelper, Preference, and ILicensingService. These subclasses may be called externally.

In addition, it retains the classes containing native methods and the classes constructed by constructor from xml (generally the subclass of View) the values and valueOf static methods in the enumeration type, inherit the cross-process data class of Parcelable, and implement Serializable Object serialization.

If there are other third-party packages, you can add the configuration without obfuscation. You can configure proguard obfuscation as required.

Remember to put the project. properties file in the root directory:

# This file is automatically generated by Android Tools.# Do not modify this file -- YOUR CHANGES WILL BE ERASED!## This file must be checked in Version Control Systems.## To customize properties used by the Ant build system edit# "ant.properties", and override values to adapt the script to your# project structure.## To enable ProGuard to shrink and obfuscate your code, uncomment this (available properties: sdk.dir, user.home):#proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt# Project target.target=android-17

Proguard. config =$ {sdk. dir}/tools/proguard/proguard-android.txt: proguard-project.txt

The red comment (remove "#") is opened at the bottom, and the signature can be mixed to package the apk.