2

I have the following code in my application's proguard.cfg (and yes, I also have proguard.config=proguard.cfg in build.properties):

-optimizationpasses 5
-dontusemixedcaseclassnames
-dontskipnonpubliclibraryclasses
-dontpreverify
-verbose
-optimizations !code/simplification/arithmetic,!field/*,!class/merging/*

-keep public class * extends android.app.Activity
-keep public class * extends android.app.Application
-keep public class * extends android.app.Service
-keep public class * extends android.content.BroadcastReceiver
-keep public class * extends android.content.ContentProvider
-keep public class * extends android.app.backup.BackupAgentHelper
-keep public class * extends android.preference.Preference
-keep public class com.android.vending.licensing.ILicensingService

-keepclasseswithmembernames class * {
    native <methods>;
}

-keepclasseswithmembernames class * {
    public <init>(android.content.Context, android.util.AttributeSet);
}

-keepclasseswithmembernames class * {
    public <init>(android.content.Context, android.util.AttributeSet, int);
}

-keepclassmembers enum * {
    public static **[] values();
    public static ** valueOf(java.lang.String);
}

-keep class * implements android.os.Parcelable {
  public static final android.os.Parcelable$Creator *;
}

Yet, I was surprised to see an error report from the Android Market containing Unobfuscated symbols in the stack trace.

I know I uploaded an ProGuard exported version, so what did I miss?

ateiob
  • 9,016
  • 10
  • 44
  • 55
  • 1
    Are you actually building using ProGuard? Having that file is not enough. You should be able to see ProGuard in your build log. You should be able to look at the built app and see that it is obfuscated. – ThomasW Aug 10 '11 at 02:03
  • @ThomasW Yes I am. I have a `proguard` folder in my project with 4 files: `dump.txt`, `mapping.txt`, `seeds.txt` and `usage.txt`. The file `mapping.txt` shows the vast majority of symbols being obfuscated to single letters, except for several classes, such as the Activity class and the Preferences class. I now notice that `proguard.cfg` has `-keep` statements for those. Could that be the reason? +1 for replying. – ateiob Aug 10 '11 at 02:30
  • Yes, some of the classes will need to remain unobfuscated in order for your app to work correctly. For example, view classes will need to remain the same in order for layout with xml files to work. Parts of your code which interact with other code expecting specific class or method names can't be obfuscated. It is your internally used code that can be obfuscated. Perhaps that is what you're seeing? – ThomasW Aug 10 '11 at 04:43

1 Answers1

2

If your stack trace included unobfuscated class names and methods specified in the --keep statements in your proguard.cfg, then the answer is in the body of your question...

Also note that due to the challenges posed by reflection, ProGuard automatically keeps the following:

  • Class.forName("SomeClass")
  • SomeClass.class
  • SomeClass.class.getField("someField")
  • SomeClass.class.getDeclaredField("someField")
  • SomeClass.class.getMethod("someMethod", new Class[] {})
  • SomeClass.class.getMethod("someMethod", new Class[] { A.class })
  • SomeClass.class.getMethod("someMethod", new Class[] { A.class, B.class })
  • SomeClass.class.getDeclaredMethod("someMethod", new Class[] {})
  • SomeClass.class.getDeclaredMethod("someMethod", new Class[] { A.class })
  • SomeClass.class.getDeclaredMethod("someMethod", new Class[] { A.class, B.class })
  • AtomicIntegerFieldUpdater.newUpdater(SomeClass.class, "someField")
  • AtomicLongFieldUpdater.newUpdater(SomeClass.class, "someField")
  • AtomicReferenceFieldUpdater.newUpdater(SomeClass.class, SomeType.class, "someField")

Also note that if you somehow provide the file proguard/mapping.txt generated by ProGuard, the tool ReTrace can un-obfuscate everything.

In short, you don't need to put anything in proguard.cfg to enable obfuscation. The default options are sufficient. Theoretically, you may want to remove some of the default --keep options but ProGuard's documentation specifically states that:

For proper results, you should at least be somewhat familiar with the code that you are processing. Obfuscating code that performs a lot of reflection may require trial and error, especially without the necessary information about the internals of the code.

Community
  • 1
  • 1
srf
  • 2,410
  • 4
  • 28
  • 41