Exclude all 3rd party libraries from ProGuard with Android Maven Plugin

Question

I'm trying to obfuscate my Android project code, I've managed to get ProGuard working when including the following in my proguard.cfg:

-keep class javax.** { *; }
-keep class org.codehaus.jackson.** { *; }
-keep class org.springframework.** { *; }
-keep class com.google.ads.**

These are 3rd party dependencies I use with my project (spring android, google ads etc).

The problem is, when running the final apk on my phone/emulator I'm getting NullPointerException. It seems as my code (obfuscated classes something like a.b etc) is calling obfuscated methods and classes from these 3rd party dependencies, but the classes names are now different (e.g: a class named Foo is still Foo because i'm not obfuscating it but my actual code calls something else).

Has anyone managed to get this kind of setup working? Should i obfuscate these 3rd party libraries as well?

Answer 1

It's not always necessary to preserve third-party libraries the way you do, but in case of problems, it's a good first step.

You may still experience problems with JSON serialization/deserialization if the processed code has become incompatible with the serialized data. You then have to make sure you also -keep the serialized classes and fields, to keep ProGuard from removing or renaming them.

Similarly, you may see problems with Spring, if annotated classes, fields, and methods are removed or renamed. You have to -keep them. You also have to preserve the annotations themselves:

-keepattributes *Annotation*,Signature

Essentially, it's always a problem of reflection that fails because ProGuard couldn't foresee it and has removed or renamed parts of the code. The stack trace of your NullPointerException should provide more information on where to look.

For more suggestions, cfr. ProGuard manual > Troubleshooting.