2

I am working on the development of an android library with confidential APIs. I want to publish the library and make it publicly accessible but cannot open-source the code.

Is there any software or a way to publish the library while keeping the code private?

I can use jitpack with private repo but that is paid. Is there any alternative / free solution?

Aniket Velhankar
  • 411
  • 1
  • 4
  • 11

2 Answers2

0

one of the solutions you're looking for is obfuscating. see this related question: android library project obfuscation

and also here: Setting up ProGuard with Android Library Projects

when you obfuscate your code it is still open to be read by others, but it changes some way that is not readable by human.

Dharman
  • 30,962
  • 25
  • 85
  • 135
Mohammad Mostafa Dastjerdi
  • 674
  • 1
  • 6
  • 21
  • I didn't get it. Even if I obfuscate, how do I distribute my library? The clients should be able to add my library in their app as a dependency. – Aniket Velhankar Jan 31 '21 at 07:29
  • 1
    it is possible for others to add it. the only thing about that is they cannot read your code and change it. notice that there will be no problem for intellisense. and for publishing I suggest you to publish that in github – Mohammad Mostafa Dastjerdi Jan 31 '21 at 07:33
  • https://sgkantamani.medium.com/how-to-create-and-publish-an-android-library-f37bf715932 - https://proandroiddev.com/publishing-android-libraries-to-the-github-package-registry-part-1-7997be54ea5a for more info – Mohammad Mostafa Dastjerdi Jan 31 '21 at 07:35
  • or you can publish it on maven - https://medium.com/@zubairehman.work/a-complete-guide-to-create-and-publish-an-android-library-to-maven-central-6eef186a42f5 for more info – Mohammad Mostafa Dastjerdi Jan 31 '21 at 07:48
  • Thank you. After obfuscation, can I use jitpack and upload my code to github ? – Aniket Velhankar Feb 01 '21 at 09:19
0

The real answer is that this is not possible. You cannot publish plain text code that is private. By definition publishing means it is not private. Obfuscated code is reasonably easy to reverse engineer, although the logic may be harder to follow without method/variable names.

In particular, API key strings will not be obfuscated at all by proguard. You have to live with the fact that your API keys are in the public domain as soon as you publish them.

Carson Holzheimer
  • 2,890
  • 25
  • 36