Is proguard.cfg needed for library projects?

Question

Assuming I need to apply the same rules for both an application project and a library project on which it relies, do I need to duplicate the content of proguard.cfg from the application to the library project?

In other words, does the application's proguard.cfg "take over" all the library projects on which it depends, or must I explicitly specify rules for each of the library projects?

score 107 · Accepted Answer · answered Jun 12 '12 at 07:59

107

Library projects by themselves don't run ProGuard, so they don't use any configuration.

Application projects obfuscate the entire code base, including any referenced libraries, so they need proper configuration for the application code and for the library code.

answered Jun 12 '12 at 07:59

Eric Lafortune

45,150
8
114
106

33

Wow! Can't get more authoritative than the developer of Proguard. Accepting + 1. – Regex Rookie Jun 12 '12 at 20:31
Is obfuscation done even without having any proguard config file? – AlikElzin-kilaka May 28 '14 at 14:56
How do you reference the library project from the proguard file in the application? – Clive Jefferies Feb 17 '15 at 14:23
8

What if you want to deliver an SDK to be used by a 3rd party and you want to use proguard for obfuscation? From the answer I understand that proguard is not designed to obfuscate library project. But is it technically impossible? Couldn't you obfuscate the library except the external interface? – Ika Jul 26 '15 at 07:42
2

@Eric Lafortune Is this still the case, because it seems that I can configure my Android library modules to run proguard and I get usages.txt and mappings.txt in the library module's build folder. But it still seems important that I copy the library's proguard configuration to the main app module as well so is it running proguard twice? – Jon Oct 28 '15 at 19:36
1

Please update your answer according the last changes of Proguard. I feel there is a way! – Behrouz.M Nov 04 '15 at 06:09
4

Many of Google's APIs (Google Maps I know, Analytics I believe, and perhaps many others) are obfuscated when you Command-Click to browse their implementation. (ex: "class SupportMapFragment { private final SupportMapFragment.zzb zzaJA = new SupportMapFragment.zzb(this); ... } "). How can a 3rd party obfuscate their stand-alone library in a similar way so that it is harder to reverse engineer? I suspect it requires a custom script that directly breaks open the aar, proguards the Java class, and then repackages the aar. Can anyone share this script? – swooby Dec 11 '15 at 19:41

score 4 · Answer 2 · answered Jun 11 '12 at 15:41

It appears that the answer is "No": Proguard will obfuscate code from the libraries too.

But that was in 2010 and we know very well that specifications keep changing, especially in the Android development tools. So if a more authoritative answer comes along, I will accept it.

score 3 · Answer 3 · edited Mar 04 '19 at 13:34

3

In build.gradle of library project, add line: consumerProguardFiles 'proguard-rules.pro' in buildTypes as:

buildTypes {
release {
    minifyEnabled true
    proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
    consumerProguardFiles 'proguard-rules.pro'
}

}

In build.gradle of root project, enable minifyEnabled. The libraray proguard will work.

edited Mar 04 '19 at 13:34

Ru Chern Chong

3,692
13
33
43

answered Mar 04 '19 at 13:26

etahudu

41
2

Is proguard.cfg needed for library projects?

3 Answers3

Linked