Android code obfuscation with ProGuard...how does one know it's been obfuscated?

Question

I have an Android project that I recently published to the market after running it through obfuscation with ProGuard.

The project exported without any complications, but how do I know it's been obfuscated? Is there anything I could do to verify that obfuscation was successful?

Answer 1

DISCALIMER: I am not the owner of decompileandroid.com and I am not paid to promote it. I am a develper, who is satisfied with this service.

There is actually an easier way than acquiring several different tools and passing the output of one of them to the other (this of course gives you a better control of what's going on). You can use the service

decompileandroid.com

Basically you upload and .apk file and it does all of these steps for you. Then you can download a .zip file, which contains the decompiled sources.

You can first upload your .apk built in debug mode, then upload an .apk built in release mode. Just make sure that the flag minifyEnabled is set to true in your build.gradle file for the release build.

The difference was pretty obvious in my case - most of my classes were named a,b,c, etc in the minified build.

Answer 2

Try to reverse engineer your own application. See what you can read in the code.

Use the following questions:

decompiling DEX into Java sourcecode

http://www.taranfx.com/decompile-reverse-engineer-android-apk

Answer 3

Look for dump.txt, mapping.txt, seeds.txt and usage.txt. They will probably be in a proguard folder at your project directory. These are created when ProGuard is run on your code.

These are filled with information about the obfuscation, especially useful is mapping.txt which shows what ProGuard turned your various member names in to.