Android R8 obfuscation with flexJson duplicate key issue

Question

While obfuscating the android app using R8 and minifyEnabled true in build.gradle it adds duplicate key like below in one of webservice response.

Response: {"key1":"value1", ......., "key1":"value1"} it adds "key1" multiple time and flexJson throws exception and crashes the app

Caused by: flexjson.JSONException: Duplicate key "key1"
    at flexjson.JSONTokener.putOnce(JSONTokener.java:498)
    at flexjson.JSONTokener.parseObject(JSONTokener.java:471)
    at flexjson.JSONTokener.nextValue(JSONTokener.java:357)
    at flexjson.JSONTokener.parseObject(JSONTokener.java:471)
    at flexjson.JSONTokener.nextValue(JSONTokener.java:357)
    at flexjson.JSONDeserializer.deserialize(JSONDeserializer.java:197)

Everything works fine without obfuscation(minifyEnabled false). Gradle Plugin Version used: 3.4.2, Also flexJson is used by one of the library included in the project.

Hey, did you try this solution: https://stackoverflow.com/questions/6533676/proguard-and-gson-on-android-classcastexception#7090658 ? — Kévin Giacomino, Mar 13 '20 at 13:52
This is now also tracked in the R8 bug tracker, http://issuetracker.google.com/151765072. — sgjesse, Mar 18 '20 at 09:28

score 0 · Answer 1 · answered Mar 16 '20 at 12:20

In general you should ensure that all fields which are used for generating JSON through reflection are covered by a keep rule. Otherwise the name in the JSON can change from build to build. Also R8 use the property that the JVM and Android runtimes allow fields of different types to have the same name, you can end up in the situation described here.

One option could be to annotate all classes which are serialized, and use a keep rule like this:

-keep class @MyAnnotation ** {
  <fields>;
}

or if all these classes are in a separate package:

-keep class com.example.mypackage.serialized_classes.** {
  <fields>;
}

Android R8 obfuscation with flexJson duplicate key issue

1 Answers1