When obfuscating with ProGuard, does -keepattributes SourceFile,LineNumberTable make the resulting apk easier to reverse engineer?

Question

I find myself needing more detail in my reported stack traces, but I'm concerned that by including the extra data (by using -keepattributes SourceFile,LineNumberTable) I'm making my app even easier to reverse engineer. Is this the case, and if so, by how much?

Answer 1

-renamesourcefileattribute
-keepattributes SourceFile, LineNumberTable,Signature,Exceptions,InnerClasses,EnclosingMethod

or

-renamesourcefileattribute ''
-keepattributes SourceFile, LineNumberTable,Signature,Exceptions,InnerClasses,EnclosingMethod

Just let filename empty is ok

Answer 2

I think you can just use:

-keepattributes LineNumberTable

Answer 3

ProGuard manual > Examples > Producing useful obfuscated stack traces

The SourceFile attribute is required, because Oracle/Sun's Java virtual machine otherwise does not include line numbers in stack traces, which is what you really want (and which is quite harmless on its own). I haven't checked if this is true for Android's Dalvik virtual machine.

As for a solution, ProGuard can keep the SourceFile attribute but replace its contents by a meaningless string of your choice, e.g.

-renamesourcefileattribute SourceFile

The value of the string is not important for interpreting the stack traces. Picking a string like "SourceFile" avoids increasing the class file sizes, because this string is already present by definition.

Answer 4

I am not exactly sure of what happens but given the source file name contains the actual name of the class, someone could use this to map obfuscated class names into real class names. Given obfsucation already jumbles everything up why keep the source file at all ? Everything should and will still run, the debug details are not required by the runtime so it makes no sense to keep them. The more you remove the better given your goals.