SoFunction
Updated on 2025-04-10

Android application development code obfuscation

Obfuscator (ProGuard)

The obfuscator compresses, optimizes and obfuscates the code by removing never-used code and renames classes, fields, and methods with obscure names. The result is a smaller .apk file, which is more difficult to reverse project. Therefore, when your application is sensitive (highly demanding), for example, when you authorize an application, obfuscator is an important means of protection.

The obfuscator is integrated into the Android build system, so you don't have to call it manually. At the same time, the obfuscator will only be executed when building the application in publish mode, so when building the program in debug mode, you don't have to deal with obfuscating code. It is optional to let the obfuscator execute, but it is recommended to choose.

1. Changes

  # This file is automatically generated by Android Tools.
  # Do not modify this file -- YOUR CHANGES WILL BE ERASED!
  #
  # This file must be checked in Version Control Systems.
  #
  # To customize properties used by the Ant build system edit
  # "", and override values to adapt the script to your
  # project structure.
  #
  # To enable ProGuard to shrink and obfuscate your code, uncomment this (available properties: , ):
  #=${}/tools/proguard/:

  # Project target.
  target=android-19

Remove the gaze in front

2. Changes

  # To enable ProGuard in your project, edit 
  # to define the  property as described in that file.
  #
  # Add project specific ProGuard rules here.
  # By default, the flags in this file are appended to flags specified
  # in ${}/tools/proguard/
  # You can edit the include path and order by changing the ProGuard
  # include property in .
  #
  # For more details, see
  #  /guide/developing/tools/

  # Add any project specific keep options here:

  # If your project uses WebView with JS, uncomment the following
  # and specify the fully qualified class name to the JavaScript interface
  # class:
  #-keepclassmembers class  {
  #  public *;
  #}

Suppose that a third-party `jar` package is used in the program, which causes an error after obfuscation. At this time, we need to configure the corresponding configuration in order to prevent the corresponding jar package from being obfuscated. The relevant configuration explanations in the modified configuration file are as follows:

```java
  -keep public class * extends 【Classes that do not obfuscate class names,Keep its original class name and package name】

  -keep public abstract interface {
  public protected <methods>; 【allpublic protectedThe method name is not obfuscated】
  }
  -keep public class {
  public void Start(); 【No obfuscation of this method】
  }
  -keepclasseswithmembernames class * { 【对all类的nativeMethod names are not obfuscated】
  native <methods>;
  }
  -keepclasseswithmembers class * { 【对all类的指定方法The method name is not obfuscated】
  public <init>(, );
  }
  -keepclassmembers class * extends  {【对all类的指定方法The method name is not obfuscated】
  public void *();
  }
  -keepclassmembers enum * {【For enum typesenum的all类的下面指定方法The method name is not obfuscated】
  public static **[] values();
  public static ** valueOf();
  }
  -keep class * implements  {【It's doneParcelable接口的all类的类名不进行混淆,For its member variables areParcelable$CreatorThe variable names of the member variables of the type are not confused】
  public static final $Creator *;
  }
  -keepclasseswithmembers class  {【No obfuscation of variable names of specified variables of specified classes】
    volatile transient $Node head;
    volatile transient $Node tail;
    volatile transient int sweepVotes;

  }
  -keep public class .** {*; }【对包下all的类都不进行混淆,That is, no confusion of class names,Also, method names and variable names are not confused】
```

After decompiling the above two parts, you can get confused after decompiling, but the four major components are still there. Why are the four major components still there? Since the four major components are configured in the manifest file, assuming that the confusion cannot be based on the configuration of the manifest file.

Suppose that when some of our own codes want to provide methods to make others call through reflection, we do not want some of the code to be obfuscated, or we use third-party jar packages provided by others. Since third-party jar packages are generally already obfuscated, if we obfuscate again, we will report an error, so we must ensure that these contents do not need to be obfuscated. Here we just need to change this file and add the following sentence, and it will not obfuscate the content we gave.

-keepattributes *Annotation*     
-keep public class * extends 
-keep public class * extends 
-keep public class * extends 
-keep public class * extends 
-keep public class * extends 
-keep public class * extends 
-keep public class * extends 
-keep public class * extends .
-keep public class * extends 
-keep public class 
-keep class 
-keep class .** {
*;
}