Save 37% off PRO during our Black Friday Sale! »

DX/Proguard and D8/R8

DX/Proguard and D8/R8

The secret behind our applications.

Developing an Android application is an art, you need creativity, dexterity and lots of coffee. At the moment of publishing an application we have to perform an action called obfuscation, which allows us to eliminate methods, classes and other variables that are not being used, which allow us to reduce the size of our application and place a level of security so that they can't access to our source code easily, in this talk we will see the difference between these two tools, DX/Proguard vs R8/D8 and the good practices that exist.

Aec5eaefa6787f3e5295a2669f8f05d8?s=128

Gustavo Lizárraga

September 18, 2019
Tweet

Transcript

  1. None
  2. “Medical writing is a "highly trained and calculated attempt to

    confuse the reader." Dr. Michael Crichton
  3. Gustavo Lizárraga Auth0 Ambassador, iOS and Android Dev, Kotlin Enthusiast,

    Kotlin La Paz Organizer. @lizarraga.dev
  4. DX/Proguard vs D8/R8 The secret behind our applications

  5. Obfuscation?

  6. Obfuscation The obfuscation of code consists in reordering or altering

    the instructions of a program so that, although it performs the same function, its understanding is more difficult.
  7. Are there attempts to obfuscate information in everyday life?

  8. LEET SPEAK It’s a writing format composed with alphanumeric. 3

    5 7 0 3 5 3 1 H 4 ( | < m 3 3 7 ! n 6 4 N D r 0 1 D |-| 0 |_ 4 ( 0 |\/| 0 3 5 7 4 5
  9. GYARU-MOJI Obfuscated Japanese writing style, popular among young ladies, does

    not summarize on the contrary they lengthen the words. おはよう 才(よчoぅ "Buenos días"
  10. CHI LANGUAGE Language used mostly by “Paceñas” ladies. Chiho chila

    chico chimo chies chitas Chime chigus chita chie chisa chichi chica
  11. MEDICAL LANGUAGE Type of highly advanced writing to confuse the

    patient.
  12. The idea is to distort information

  13. Why?

  14. Reasons to obfuscate code • Intellectual property. • Increase security.

    • Avoid “cracks”. • Ego. • Others.
  15. Obfuscation on Android? Size matters?

  16. YES

  17. “The smaller the better. “Android Dev average”

  18. Let's go to the beginning…

  19. CPU In every device, there is a CPU, which is

    responsible for solving the processes of your application.
  20. But the code must run on all these architectures: ARM,

    Arm64, x86, x64, MIPS OMG!
  21. JVM to the rescue It’s a native process virtual machine,

    that is, executable on a specific platform, capable of interpreting and executing instructions expressed in a special binary code (the Java bytecode), which is generated by the Java language compiler.
  22. Java Code (*.java) javac compiler Bytecode (*.class) JVM JVM JVM

  23. JIT (Just in time) JVM Interpreter *.class Hello Everyone! Hot

    code Cold code
  24. But that is for a device with high hardware characteristics.

    We need for a mobile device.
  25. Run App What happens when we run an application?

  26. JAVA COMPILER This is a simple example of compilation with

    javac. *.java *.class
  27. DEX COMPILER This is a simple example of compilation with

    DEX. *.java *.dex
  28. Java Bytecode: All variables are stored in a stack Dex

    Bytecode: All variables are stored in registers
  29. The dex approach is much more efficient and requires less

    space than a regular Java bytecode.
  30. None
  31. What is Bytecode?

  32. Bytecode These are instructions that the JVM expects to receive.

    *.java *.dex
  33. *.java / *.kt *.xml Images/Videos AndroidManifest.xml Android Asset Packaging Tool

    (AAPT) Java/Kotlin Compiler R.java Compiled resources *.class Dex Compiler *.dex App.apk App.aab APK/App Bundle Builder
  34. JIT Dalvik Interpreter *.dex Hot code Cold code

  35. ART (Android Runtime) The main difference was that ART wasn’t

    running Interpreter/JIT on run time. It executed the precompiled code from an .oat binary instead resulting in much better and faster runtime. AOT (Ahead of Time).
  36. Install/Update Unpack .dex Run AOT Compiler .AOT binary Run App

    Load .AOT binary Enjoy App Runtime Install time
  37. But there were some problems…

  38. SOLUTION Interpreter + AOT + JIT

  39. AOT Binary Profiles Dex Files ART JIT Interpreter ART Cold

    code Hot code NO AOT Binary Using AOT Binary dex2aot
  40. Obfuscation?

  41. Before…

  42. DX/Proguard DX tool lets you generate Android bytecode from .class

    files.
  43. Now… What’s Proguard?

  44. Proguard ProGuard obfuscates our code by changing the name of

    the variables, methods and classes, making them occupy much less.
  45. javac kotlinc desugar proguard Dex compiler *.dex transformation transformation Problem:

    Longer build time .class .class
  46. Now…

  47. D8/R8

  48. D8 (Dope8) Is a command line tool that Android Studio

    and the Android Gradle Plugin use to compile your project's Java bytecode into DEX bytecode that runs on Android devices.
  49. None
  50. javac kotlinc proguard D8 *.dex Fast build time .class .class

    Desugar
  51. How much faster?

  52. Simple application DEX + Proguard D8 + Proguard Results Build

    time 41s 655ms 39s 343 ms -2s 312ms Size 5.5 MB 5.3 MB -218.7 kb
  53. How to try it…

  54. None
  55. But… can be better.

  56. R8 R8 obfuscates our code by changing the name of

    the variables, methods and classes, making them occupy much less into dex compilation.
  57. R8 javac kotlinc D8 *.dex R8 and D8 in action!

    .class .class Desugar
  58. Shrinking + Dexing Time

  59. Dex file size

  60. APK size

  61. R8 is more Kotlin friendly

  62. COMPARISON DEX + Proguard D8 + R8 Results Build time

    41s 655ms 28s 592 ms -13s 0732ms Size 5.5 MB 5.2 MB -348.6 kb Method count 39.339 38.217 -1.122
  63. How to try it…

  64. None
  65. D8 & R8 the best combination

  66. speakerdeck.com/lizarragadev

  67. lizarraga.dev

  68. None