CODEWITHSUNDEEP
androidproguardobfuscation
Boycott A.I.
Boycott A.I.

Reputation: 18871

Android - How to check Proguard obfuscation has worked?

I have obfuscated my apk, but the file size has only been reduced from 12MB to 10.5MB.

The reason it is only a relatively small reduction may be because my app uses a couple of large libraries, but is there any way I can check the level of obfuscation that has been performed?

Just in case, this is my proguard-project.txt file...

# To enable ProGuard in your project, edit project.properties
# to define the proguard.config property as described in that file.
#
# Add project specific ProGuard rules here.
# By default, the flags in this file are appended to flags specified
# in ${sdk.dir}/tools/proguard/proguard-android.txt
# You can edit the include path and order by changing the ProGuard
# include property in project.properties.
#
# For more details, see
#   http://developer.android.com/guide/developing/tools/proguard.html

# Add any project specific keep options here:

# If your project uses WebView with JS, uncomment the following
# and specify the fully qualified class name to the JavaScript interface
# class:
#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
#   public *;
#}

-dontwarn twitter4j.**

...and the libraries I'm using are android-support-v4.jar, acra-4.5.0.jar and twitter4j-core-4.0.2.jar.

Upvotes: 57

Views: 38981

Answers (5)

yoAlex5
yoAlex5

Reputation: 34255

Proguard

Proguard workflow:

enter image description here

  • seeds.txt - list of what Proguard keeps. These are entry points and they nodes. For example for bare java it is a main function and others dependencies
  • usage.txt - list of what Proguard does not keep
  • mapping.txt - info about old and new naming in old_name -> new_name format. It can be used for decoding stacktrace by retrace or proguardui
  • dump.txt - describe everything that Proguard put into the result archive

You can find output

<module_name>/build/outputs/mapping/<buildType>/

You can use Analyze APK tool. Where you can look thought .class files, add a Proguard mapping file, show removed nodes, show deobfuscated names

enter image description here

[ProGuard vs R8]

Upvotes: 7

TrueStory
TrueStory

Reputation: 582

ProGuard only shrinks/optimizes the parts you did not create -keep options for. When using broad -keep rules (ending in .** { *; }), the shrinking/optimization results quickly decrease.

I can see from the snippet you did not create such broad -keep options yourself but they may be part of the ProGuard consumer rules which are part of certain dependencies. You can print all these -keep options by adding the follwing in your ProGuard configuration file: -printconfiguration fullconfig.txt. This will create the file fullconfig.txt in which all -keep options, including the ones of the dependencies, are listed.

If one of your dependencies contains too broad -keep options you could choose to ignore these by creating a consumer rule filter. This will require you to create the -keep options for the dependency yourself.

Recently there was a tool released to inspect what parts of a jar/apk are being kept thus not shrunken/optimized. You need to provide the -keep options and upload the jar/apk, you can then see in a visual way what parts of your project are not processed with ProGuard. This tool is called the ProGuard Playground. I would recommend copy/pasting the content of the fullconfig.txt file, that way you can easily see what parts are left untouched by ProGuard.

Upvotes: 0

Elltz
Elltz

Reputation: 10859

In your project directory you will find a Proguard folder, in which you will see four text files:

dump.txt

Describes the internal structure of all the class files in the .apk file

mapping.txt

Lists the mapping between the original and obfuscated class, method, and field names. This file is important when you receive a bug report from a release build, because it translates the obfuscated stack trace back to the original class, method, and member names. See Decoding Obfuscated Stack Traces for more information.

seeds.txt

Lists the classes and members that are not obfuscated

usage.txt

Lists the code that was stripped from the .apk

Source: Proguard

Hope this helps!

Upvotes: 64

VKDev
VKDev

Reputation: 604

any way I can check the level of obfuscation that has been performed?

You might be able to use the flag -optimizationpasses N.

Specifies the number of optimization passes to be performed. By default, a single pass is performed. Multiple passes may result in further improvements. If no improvements are found after an optimization pass, the optimization is ended. Only applicable when optimizing.

Upvotes: 0

WenChao
WenChao

Reputation: 3665

Here is probably a more visual way to check. In the newer release of Android Studio, it comes with the APK Analyser that let user explore what is in the APK file and it is handy to check if your class has been obfuscated.

Below image shows that both package and method name have been obfuscated

You can see the package name and method name is obfuscated

Upvotes: 71

Related Questions