How to apply proguard to AAR library in android?

Question

I have Develop one Android AAR Library which consist of all functionality that customer required, I want to apply proguard on library before deliver it to the customer in order to obfuscate the code so that code will not easy to decompile.

I googled it before posting this question and I found that Library projects by themselves don't run ProGuard, so they don't use any configuration, as mention here Click Here

I have done following configuration in order to apply proguard on my library project.

buildTypes {

    debug {
        shrinkResources false
        minifyEnabled false
        proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
    }

    release {
        shrinkResources true
        minifyEnabled true
        proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
    }
}

I have applied this rules on proguard-rules.pro

 -keepparameternames
 -renamesourcefileattribute SourceFile
 -keepattributes Exceptions,InnerClasses,Signature,Deprecated,SourceFile,LineNumberTable,*Annotation*,EnclosingMethod

 -keep public class * {
public protected *;
 }

 -keepclassmembernames class * {
java.lang.Class class$(java.lang.String);
java.lang.Class class$(java.lang.String, boolean);
 }

 -keepclasseswithmembernames class * {
native <methods>;
 }

 -keepclassmembers enum * {
public static **[] values();
public static ** valueOf(java.lang.String);
 }

 -keepclassmembers class * implements java.io.Serializable {
static final long serialVersionUID;
private static final java.io.ObjectStreamField[] serialPersistentFields;
private void writeObject(java.io.ObjectOutputStream);
private void readObject(java.io.ObjectInputStream);
java.lang.Object writeReplace();
java.lang.Object readResolve();
 }

but after using this aar on my demo project the library get used properly but the code is not hidden it just get visible after decompiled in android studio as we decompile method just by holding ctrl and click on that method, all containt of method just get visible without any proguard rules applied on that library.

Please suggest me relevant way or tell me what wrong steps I am taking as I am new to android.

Answer 1

AAR modules can be indeed obfuscated.

Add consumerProguardFiles 'proguard-rules.pro' to your AAR build.gradle configuration along with proguardFiles, so that if the app/module that's using the AAR runs ProGuard, your configuration (i.e. any excludes for public API that shouldn't be minified) will be honoured.

Answer 2

Android libraries (aar-files) are not obfuscated at all. The minifyEnabled option is ignored in com.android.library-projects. So everyone can easily decompile the code contained in an aar-file.