4

This might be too broad, but I would like an explanation on how Proguard and minification configurations are passed between projects and their dependencies to understand how deeply are these operations made in my project's dependency tree.

I have on build.gradle of `themodule':

buildTypes {
        release {
            minifyEnabled true
            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
        }
        }
dependencies {
    compile project(':someothermodule')
    compile 'some.maven.central.library'
}

By the configuration it seems clear that the classes inside themodule will be minifyed and obfuscated, but what happens with the classes of someothermodule? Will they also be minifyed and obfuscated? Even if someothermodule has minifyEnabled true?

What happens if 'someothermodule' is just a .jar dependency?

What happens with the configurations of some.maven.central.library?

Are the Proguard configurations of the module being built cascading down to its dependencies or each of them follows its own rules?

buzoherbert
  • 1,537
  • 1
  • 12
  • 34

2 Answers2

4

If a module get obfuscated (minifyEnabled true) by itself, the used configuration is not automatically inherited by the consuming module (in your case the application).

There is a mechanism in the Android gradle plugin to enabled this:

consumerProguardFiles 'proguard-rules.pro'

The rules that are contained in proguard-rules.pro will be automatically included in the application project and merged with other configuration files.

This will only work for Android library projects (.aar). If you have a dependency to a .jar file on maven central for example, no such consumer rules will be available, and you have to add the needed configuration to your application project yourself.

Keep in mind that the configuration to obfuscate a module and the one used by the consuming application / module does not need to be identical. The consumer rules will in most cases only be a set of -keep rules.

T. Neidhart
  • 6,060
  • 2
  • 15
  • 38
2

Technically, it is the following :

Library projects by themselves don't run ProGuard, so they don't use any configuration.

Application projects obfuscate the entire code base, including any referenced libraries, so they need proper configuration for the application code and for the library code.

I had a small case where I had a Facebook library as a gradle dependency and since we were obfuscating the code with minifyEnabled:true we had to keep all its code from being obfuscated, using the regular keep commmands such as :

-keep class com.facebook.** { *; }

Additionally, and regarding the .jar obfuscation, you can check this other post

Regards,

Community
  • 1
  • 1
Ricardo Vieira
  • 1,738
  • 1
  • 18
  • 26