Android and its ProGuard

Open Table of contents

What is ProGuard in Android
ProGuard and its key functions
ProGuard Workflow
Steps to Define ProGuard in an Android project:
Custom Module in app and enabling ProGuard
Negative Points to be reminded while using ProGuard
Alternatives of ProGuard
Conclusion

What is ProGuard in Android

ProGuard is a code shrinking, optimization, and obfuscation tool
used in Android app development to improve the performance and security of applications.
It is a part of the Android Gradle build system
is employed to reduce the size of the APK files, which can help improve the app’s startup time and reduce its memory footprint.

ProGuard and its key functions

Code Shrinking: Analyzes the code and removes unused classes, fields, and methods from the application and reduce the size of the APK.
Code Optimization: Optimizes the code by applying various transformations to make it more efficient, such as inlining methods and removing unnecessary instructions.
Code Obfuscation: ProGuard renames classes, fields, and methods to short, obfuscated names making it more challenging for reverse engineers and de-compile the code, also enhance the security of the application.
Resource Shrinking: In addition to code, ProGuard can also remove unused resources like layouts, drawables, and string resources from the APK, for further reducing its size.

ProGuard Workflow

ProGuard works in Android by performing three main tasks: code shrinking, code optimization, and code obfuscation. It is integrated into the Android build process and is used to improve the performance and security of Android applications.

proguardWorks

One can configure ProGuard by specifying rules in a ProGuard configuration file (usually named proguard-rules.pro). These rules define which parts of the code should be kept (e.g., classes and methods) and which parts can be shrunk, optimized, or obfuscated.
When the app is built using Gradle, the ProGuard tool is invoked during the build process.
ProGuard processes the code based on the rules in the configuration file.
Unused code is removed, and the code is optimized for performance.
Obfuscation is applied, renaming classes, fields, and methods.

The result is a smaller, optimized, and obfuscated APK file that can be distributed to users.

Steps to Define ProGuard in an Android project:

Create a ProGuard Configuration File: In the Android Studio project, create a file named proguard-rules.pro in the app module’s proguard directory if it doesn’t already exist.
Specify ProGuard Rules: Define the ProGuard rules in the proguard-rules.pro file, which tell ProGuard what to keep, optimize, or obfuscate.

Syntax for rule definitions:
- -keep: Keep specific classes, methods, or fields.
- -dontwarn: Suppress warnings about specific classes or packages.
- -keepattributes : Keep specific attributes, such as annotations.
- -assumenosideeffects : Make assumptions about methods with no side effects.
- -optimizations : Configure optimization options.
Example of a ProGuard rule to keep a specific class:
```
-keep class com.example.myapp.MyClass {
    public *;
}
```
Add ProGuard Configuration to Gradle: In the app’s build.gradle file, specify the location of the ProGuard configuration.

buildTypes {
    release {
        minifyEnabled true
        shrinkResource true
        proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
    }
}

Explanation :

Above snippet enables ProGuard for the release build type and specifies the custom ProGuard rules file (proguard-rules.pro).
minifyEnabled true enables code shrinking.
The getDefaultProguardFile(‘proguard-android-optimize.txt’) portion includes Android’s default optimization rules.
shrinkResource controls the optimisation of resources and this can be set true only if minify enabled. Link to know more

Build the App: After defining the ProGuard rules and adding them to the Gradle configuration, build the Android app using the release build type. ProGuard will be invoked during the build process to process the code based on the defined rules.
Testing and Debugging: Thoroughly testing of the app ensure that ProGuard does not break any functionality. It’s essential to debug and make adjustments to the ProGuard rules if required.

Custom Module in app and enabling ProGuard

buildTypes {
    release {
        minifyEnabled true
        shrinkResource true
        consumerProguardFiles 'library-proguard-rule.pro'
    }
}

We can define all Proguard rules for any dependency used in any module in two places:

in the main project’s Proguard rules
can make separate Proguard rules for each module and pass them to the app level via consumerProguardFiles

Negative Points to be reminded while using ProGuard

Configuration Complexity: Writing and maintaining ProGuard rules can be complex and also it is required to ensure that ProGuard doesn’t inadvertently remove or obfuscate code that’s essential for your app’s functionality.
Reflection and Dynamic Class Loading: If the codebase rely on reflection then it is important to create specific rules as ProGuard can interfere with reflection and dynamic class loading.
Debugging Challenges: After enabling ProGuard, the obfuscation of class and method names makes debugging harder to trace errors and exceptions back to your original source code.
Increased Build Time: Enabling ProGuard, analysis and processing can be resource-intensive and also can increase the app’s build time.
Impact on APK Size: While the primary purpose of ProGuard is to reduce APK size, it may not always result in significant size reductions, especially if the app is already well-optimized or if the bulk of the APK size is due to non-code assets like images and videos.
Impact on Third-Party Libraries: ProGuard may require to configure rules to ensure that the third-party libraries are correctly processed. Incorrect configuration can lead to issues with library functionality.
Potential for Over-Optimization: ProGuard’s aggressive optimization settings can sometimes result in unexpected removal of code that one intended to keep. Careful configuration is required for optimization and maintaining functionality.

Alternatives of ProGuard

With the advancements in the Android Ecosystem, there are alternative tools and techniques available for achieving similar results.

R8(Android’s Default Tool)- Google introduced R8 as a replacement for ProGuard.
DexGuard - Offers advanced features for code obfuscation, encryption, and runtime tamper detection and also useful for applications where security is a top priority.
Android Gradle Plugin Features - offers various features and settings for reducing the size of your APK, including resource shrinking, code splitting, and instant app support. These features can be configured in the app’s build.gradle file.
ProGuard itself provides options to perform code shrinking and obfuscation. -dontshrink and -dontobfuscate flags to perform only code optimization without shrinking or obfuscation.

Conclusion

ProGuard remains a valuable tool for many Android developers. Its benefits in terms of optimizing APK size, improving app startup times, and enhancing app security often outweigh its drawbacks.

Careful configuration and thorough testing can help mitigate many of the challenges associated with using ProGuard.

For More Information, please refer this link for ProGuard

Happy Learning !