2

I want to create secure library module that no one can extract code from apk file. but when try to enable proguard in library gradle getting error package does not exists. then i add following line in proguard rules file

-keep class com.alprocr.** { *; }
-keep class com.xyz.alpr.** { *; }
-keep class com.xyz.alpr.doc.** { *; }

after add this code app working file. but when i extract code from apk using apktool then i got complete source code from apk file. I want non-readable code when someone try to extract apk file. Is it possible?

i also try to allow shrinkresource but getting same error package does not exists

-keep,allowshrinking class com.alprocr.** { *; }
-keep,allowshrinking class com.xyz.alpr.** { *; }
-keep,allowshrinking class com.xyz.alpr.doc.** { *; }

gradle code

buildTypes {

        release {
            shrinkResources true
            minifyEnabled true
            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
        }
    }
Hitesh Gehlot
  • 1,307
  • 1
  • 15
  • 30

2 Answers2

1

You have to be more precise with telling Proguard how to work.

First better use the alias -keepnames instead of -keep,allowshrinking. Then only keep the public classes and protected class members. Meaning actually to not shrink these parts.

-keep,allowobfuscation public class com.alprocr.** { public protected *; }
-keep,allowobfuscation public class com.xyz.alpr.** { public protected *; }
-keep,allowobfuscation public class com.xyz.alpr.doc.** { public protected *; }

These are your entry-points to the library. Everything not public or protected will be shrunk and/or obfuscated by default.

tynn
  • 38,113
  • 8
  • 108
  • 143
  • Thanks for suggestion me but its not working getting error package does not exists. i remove allowobfuscation then its working fine. also source code secured now no one can get source code from extract apk file. :) – Hitesh Gehlot May 23 '17 at 06:02
  • It's not secure; only a little more annoying to anyone who wants to read it. – tynn May 23 '17 at 06:04
  • yes you are right its not secure my code. can you give me proper way that how can i secure my code. you above progaurd code not working for me getting error package does not exists now what can i do? – Hitesh Gehlot May 23 '17 at 12:45
0

Library projects by themselves don't run ProGuard, so they don't use any configuration. Application projects obfuscate the entire code base, including any referenced libraries, so they need proper configuration for the application code and for the library code.

See this post: https://stackoverflow.com/a/10992604/8770663

Masoud Mokhtari
  • 2,390
  • 1
  • 17
  • 45