DX/Proguard and D8/R8

Transcript

1. None

2. “Medical writing is a "highly trained and calculated attempt to

   confuse the reader." Dr. Michael Crichton

3. Gustavo Lizárraga Auth0 Ambassador, iOS and Android Dev, Kotlin Enthusiast,

   Kotlin La Paz Organizer. @lizarraga.dev

4. DX/Proguard vs D8/R8 The secret behind our applications

5. Obfuscation?

6. Obfuscation The obfuscation of code consists in reordering or altering

   the instructions of a program so that, although it performs the same function, its understanding is more difficult.

7. Are there attempts to obfuscate information in everyday life?

8. LEET SPEAK It’s a writing format composed with alphanumeric. 3

   5 7 0 3 5 3 1 H 4 ( | < m 3 3 7 ! n 6 4 N D r 0 1 D |-| 0 |_ 4 ( 0 |\/| 0 3 5 7 4 5

9. GYARU-MOJI Obfuscated Japanese writing style, popular among young ladies, does

   not summarize on the contrary they lengthen the words. おはよう 才（よчｏぅ "Buenos días"

10. CHI LANGUAGE Language used mostly by “Paceñas” ladies. Chiho chila

    chico chimo chies chitas Chime chigus chita chie chisa chichi chica

11. MEDICAL LANGUAGE Type of highly advanced writing to confuse the

    patient.

12. The idea is to distort information

13. Why?

14. Reasons to obfuscate code • Intellectual property. • Increase security.

    • Avoid “cracks”. • Ego. • Others.

15. Obfuscation on Android? Size matters?

16. YES

17. “The smaller the better. “Android Dev average”

18. Let's go to the beginning…

19. CPU In every device, there is a CPU, which is

    responsible for solving the processes of your application.

20. But the code must run on all these architectures: ARM,

    Arm64, x86, x64, MIPS OMG!

21. JVM to the rescue It’s a native process virtual machine,

    that is, executable on a specific platform, capable of interpreting and executing instructions expressed in a special binary code (the Java bytecode), which is generated by the Java language compiler.

22. Java Code (*.java) javac compiler Bytecode (*.class) JVM JVM JVM

23. JIT (Just in time) JVM Interpreter *.class Hello Everyone! Hot

    code Cold code

24. But that is for a device with high hardware characteristics.

    We need for a mobile device.

25. Run App What happens when we run an application?

26. JAVA COMPILER This is a simple example of compilation with

    javac. *.java *.class

27. DEX COMPILER This is a simple example of compilation with

    DEX. *.java *.dex

28. Java Bytecode: All variables are stored in a stack Dex

    Bytecode: All variables are stored in registers

29. The dex approach is much more efficient and requires less

    space than a regular Java bytecode.
30. None

31. What is Bytecode?

32. Bytecode These are instructions that the JVM expects to receive.

    *.java *.dex

33. *.java / *.kt *.xml Images/Videos AndroidManifest.xml Android Asset Packaging Tool

    (AAPT) Java/Kotlin Compiler R.java Compiled resources *.class Dex Compiler *.dex App.apk App.aab APK/App Bundle Builder

34. JIT Dalvik Interpreter *.dex Hot code Cold code

35. ART (Android Runtime) The main difference was that ART wasn’t

    running Interpreter/JIT on run time. It executed the precompiled code from an .oat binary instead resulting in much better and faster runtime. AOT (Ahead of Time).

36. Install/Update Unpack .dex Run AOT Compiler .AOT binary Run App

    Load .AOT binary Enjoy App Runtime Install time

37. But there were some problems…

38. SOLUTION Interpreter + AOT + JIT

39. AOT Binary Profiles Dex Files ART JIT Interpreter ART Cold

    code Hot code NO AOT Binary Using AOT Binary dex2aot

40. Obfuscation?

41. Before…

42. DX/Proguard DX tool lets you generate Android bytecode from .class

    files.

43. Now… What’s Proguard?

44. Proguard ProGuard obfuscates our code by changing the name of

    the variables, methods and classes, making them occupy much less.

45. javac kotlinc desugar proguard Dex compiler *.dex transformation transformation Problem:

    Longer build time .class .class

46. Now…

47. D8/R8

48. D8 (Dope8) Is a command line tool that Android Studio

    and the Android Gradle Plugin use to compile your project's Java bytecode into DEX bytecode that runs on Android devices.
49. None

50. javac kotlinc proguard D8 *.dex Fast build time .class .class

    Desugar

51. How much faster?

52. Simple application DEX + Proguard D8 + Proguard Results Build

    time 41s 655ms 39s 343 ms -2s 312ms Size 5.5 MB 5.3 MB -218.7 kb

53. How to try it…

54. None

55. But… can be better.

56. R8 R8 obfuscates our code by changing the name of

    the variables, methods and classes, making them occupy much less into dex compilation.

57. R8 javac kotlinc D8 *.dex R8 and D8 in action!

    .class .class Desugar

58. Shrinking + Dexing Time

59. Dex file size

60. APK size

61. R8 is more Kotlin friendly

62. COMPARISON DEX + Proguard D8 + R8 Results Build time

    41s 655ms 28s 592 ms -13s 0732ms Size 5.5 MB 5.2 MB -348.6 kb Method count 39.339 38.217 -1.122

63. How to try it…

64. None

65. D8 & R8 the best combination

66. speakerdeck.com/lizarragadev

67. lizarraga.dev

68. None