Reputation: 2813
How can I obfuscate XML resource files with DexGuard?
I am using to DexGuard to process my android applications. On DexGuard's Homepage they say it features: XML resource obfuscation
I already tested DexGuard and decompiled my output .apks with apktool. The problem is ALL resource files are decompiled succesffully, so they have not been obfuscated apparently.
Now my question is, does DexGuard automatically obfuscate XML resources or do i have to activate it somehow in my dexguard-project.txt file? Is it possible to obfuscate XML resources like strings.xml or am I misunderstanding this feature?
Upvotes: 2
Views: 6167
Answers (2)
Reputation: 2813
I received the following statement from DexGuard:
Resource XML files are obfuscated automatically in release builds, although the differences may be subtle. You can compare the differences with for instance aapt d xmltree application.apk AndroidManifest.xml. We are working on more obfuscation of resources for upcoming versions.
After executing the proposed command aapt d xmltree application.apk (where application.apk is a simple HelloWorld Application) i finally could see what DexGuard actually obfuscates in XML files:
Each attribute in an XML resource file is identified by a name, but often also by a numeric identifier. In AndroidManifest.xml for example:
android:versionName(0x010102lc) = "1.0"
In the obfuscation step, DexGuard can remove the name of an attribute, but only if this attribute also has a numeric identifier.
After DexGuard obfuscation the above attribute will look like this:
:(0x010102lc) = "1.0"
As XML elements of strings.xml for instance only have a name and no numeric identifier, there won't be any differences in the decompiled XML file.
Upvotes: 1
Reputation: 24039
Why do you want to obfuscate strings.xml? is it because you have api keys or oauth secrets in there? If so, then better to move them to assets/config.properties file and load to a java.util.Properties object like this...
Properties appConfigProperties = new Properties();
appConfigProperties.load(context.getAssets().open("config.properties"))
String myApiKey = appConfigProperties.get("my_api_key");
(for brevity I've removed the exception handling)
Be sure to enable asset encryption in your DexGuard config file:
-encryptassetfiles assets/**
Upvotes: 3
Related Questions
- How to obsfuscate resource string names in Android?
- Excluding manifest file from obfuscation
- How to prevent Dexguard from obfuscating the resources folder in anroid studio?
- How can I use DexGuard to obfuscate my apk?
- How to obfuscate a class which is referenced in Manifest file using Dexguard?
- I want to encrypt or obfuscate my resource (XML layout files, string etc) in android
- Android Obfuscation for code as well as resources
- Obfuscating strings.xml file in android code
- dexguard: encryptstrings in Activity classes?
- Android Library Project: Obfuscate and keep resources