Using ProGuard and DexGuard in Your Android App

Android applications and SDKs are easy to decompile using readily available tools. This opens the way for data security violations like intellectual property theft, credential harvesting, tampering and cloning.

Proguard is integrated into the Android build system and it runs only when you build your application in release mode. Proguard is completely optional, but it is highly recommended.

Important points to consider when applying ProGuard to your application:

  • Do not forget to add the ProGuard rules to the proguard-rules.pro file for any library that you have included in your project.
  • Add a -keep class rule for the classes to which you do not want ProGuard to be applied.

How to Enable Proguard in Android Studio


  1. In an Android Studio project, the minifyEnabled property in the build.gradle file enables and disables ProGuard for release builds.
  2. The minifyEnabled property is part of the buildTypes release block that controls the settings applied to release builds.
  3. Set the minifyEnabled property to true to enable ProGuard.
  4. The getDefaultProguardFile('proguard-android.txt') method obtains the default ProGuard settings from the Android SDK tools/proguard folder.
  5. Android Studio adds the proguard-rules.pro file at the root of the module, which helps to add custom Proguard rules.

android {
    compileSdkVersion 29
    buildToolsVersion '29.0.3'
    ...
    buildTypes {
        release {
            minifyEnabled true
            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
        }
    }
}

In the minify process, ProGuard changes class, variable, and method names in order to reduce the app size. For example, if you have a class named FirstClass.java in your app, ProGuard will rename it to A or to something random. This can cause a runtime error because classes, methods or variables would not be found.

To avoid this, you need to tell ProGuard to keep these classes, methods or variables as they are. This can be done using:

  • -keep class:
# Keeps every class in the package and its subpackages, with all members (replace with your own package).
-keep class your.package.name.** { *; }
  • To disable warnings related to unresolved references, add -dontwarn.
-dontwarn okio.**
-ignorewarnings
  • You can also track the line number where crashes are reported using LineNumberTable.
-keepattributes SourceFile,LineNumberTable

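The -assumenosideeffects option specifies methods that don't have any side effects, other than possibly returning a value. ProGuard can then remove calls to those methods during optimization. For example, the methods of the Log class:

# Name the Log class itself; android.util.Log.** would only match classes inside a package called android.util.Log.
-assumenosideeffects class android.util.Log { public static int v(...); public static int d(...); public static int i(...); public static int w(...); public static int e(...); }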
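An added example, not code from the original article: a small Python check that reads a build.gradle and a proguard-rules.pro and reports settings that undo the shrinking and renaming described above. The sample files, the com.example.app package and the function names are constructed for illustration; -dontobfuscate and -dontshrink are ProGuard options the article does not cover.

```python
import re
# Constructed sample inputs for illustration (not from the article).
SAMPLE_GRADLE = """\
android {
    buildTypes {
        release {
            minifyEnabled false
            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
        }
    }
}
"""
SAMPLE_RULES = """\
-keep class com.example.app.** { *; }
-keep class com.example.app.model.User { *; }
-dontwarn okio.**
-ignorewarnings  # silences the whole build
-keepattributes SourceFile,LineNumberTable
"""

BLANKET = {
    "-ignorewarnings": "hides every unresolved-reference warning; missing classes surface as runtime crashes",
    "-dontobfuscate": "class, method and field names stay readable after decompilation",
    "-dontshrink": "unused code is shipped in the release build",
}
# -keep class <package>.** { *; } exempts a whole package from renaming and shrinking.
BROAD_KEEP = re.compile(r"^-keep\s+class\s+(\S*\*\*)\s*\{\s*\*;\s*\}")

def release_minify_enabled(gradle_text):
    """True only if the release block sets minifyEnabled true (assumes no nested braces in it)."""
    block = re.search(r"\brelease\s*\{([^{}]*)\}", gradle_text)
    return bool(block and re.search(r"\bminifyEnabled\s+true\b", block.group(1)))

def audit_rules(rules_text):
    """Return (line_number, rule, reason) for each rule that weakens the release build."""
    findings = []
    for number, raw in enumerate(rules_text.splitlines(), start=1):
        rule = raw.split("#", 1)[0].strip()  # drop ProGuard comments
        if rule in BLANKET:
            findings.append((number, rule, BLANKET[rule]))
        broad = BROAD_KEEP.match(rule)
        if broad:
            findings.append((number, rule, "keeps every class and member under " + broad.group(1)))
    return findings

if __name__ == "__main__":
    print("release minifyEnabled:", release_minify_enabled(SAMPLE_GRADLE))
    for number, rule, reason in audit_rules(SAMPLE_RULES):
        print(f"proguard-rules.pro:{number}: {rule}  <- {reason}")
```

A scoped rule such as -dontwarn okio.** or a keep rule for a single class is not reported; only build-wide switches and package-wide keeps are.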

Let’s understand this with an example.

I’m using a GitHub library called SweetAlert in my app. As it is a third-party library, Proguard was skipping it and the app crashed at runtime.

"example_01"

To resolve this, I added the following lines in the proguard-rules.pro file.

"example_02"

Clean and rebuild your project.

Run your app in an emulator or device to start seeing data on your mobile app’s Overview page.

Thank You!


Written by @Siddhi Rajput