Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ProGuard

Edward Dale
August 31, 2017
Technology
1
480

 ProGuard

An introduction to how ProGuard works.

Edward Dale

August 31, 2017
Tweet

More Decks by Edward Dale

See All by Edward Dale
Write your own ProGuard
scompt
1
190
Screenshot your Entire App with Screengrab and Firebase
scompt
0
450
Screenshot your Entire App
scompt
1
1.9k
Reactive In-App Billing on Android
scompt
2
280
Fitness Motion Recognition with Android Wear
scompt
1
420
Android Apps with Mortar and Flow
scompt
7
1.6k
Functional Reactive Programming in the Mobile World
scompt
2
320

Other Decks in Technology

See All in Technology
次世代KYC活動報告 / 20250219-BizDay17-KYC-nextgen
oidfj
0
260
2/18/25: Java meets AI: Build LLM-Powered Apps with LangChain4j
edeandrea
PRO
0
130
クラウドサービス事業者におけるOSS
tagomoris
2
860
ソフトウェアエンジニアと仕事するときに知っておいたほうが良いこと / Key points for working with software engineers
pinkumohikan
0
100
Classmethod AI Talks(CATs) #16 司会進行スライド(2025.02.12) / classmethod-ai-talks-aka-cats_moderator-slides_vol16_2025-02-12
shinyaa31
0
110
株式会社EventHub・エンジニア採用資料
eventhub
0
4.3k
レビューを増やしつつ 高評価維持するテクニック
tsuzuki817
1
740
SA Night #2 FinatextのSA思想/SA Night #2 Finatext session
satoshiimai
1
140
OpenID BizDay#17 KYC WG活動報告(法人) / 20250219-BizDay17-KYC-legalidentity
oidfj
0
250
Tech Blogを書きやすい環境づくり
lycorptech_jp
PRO
1
240
Raycast AI APIを使ってちょっと便利な拡張機能を作ってみた / created-a-handy-extension-using-the-raycast-ai-api
kawamataryo
0
100
開発スピードは上がっている…品質はどうする? スピードと品質を両立させるためのプロダクト開発の進め方とは #DevSumi #DevSumiB / Agile And Quality
nihonbuson
2
3k

Featured

See All Featured
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
44
7k
Side Projects
sachag
452
42k
Building Flexible Design Systems
yeseniaperezcruz
328
38k
Fashionably flexible responsive web design (full day workshop)
malarkey
406
66k
GraphQLの誤解/rethinking-graphql
sonatard
68
10k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
3.7k
Automating Front-end Workflow
addyosmani
1368
200k
Building Applications with DynamoDB
mza
93
6.2k
It's Worth the Effort
3n
184
28k
A Tale of Four Properties
chriscoyier
158
23k
Build The Right Thing And Hit Your Dates
maggiecrowley
34
2.5k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
59k

Transcript

  1. ProGuard Edward Dale @scompt Freeletics https://www.freeletics.com August 31, 2017 ©

    Edward Dale, 2017 1

  2. Agenda • Overview • Steps • Problems • Future ©

    Edward Dale, 2017 2

  3. Purpose ProGuard is the most popular optimizer for Java bytecode.

    It makes your Java and Android applications up to 90% smaller and up to 20% faster. ProGuard also provides minimal protection against reverse engineering by obfuscating the names of classes, fields and methods. — https://www.guardsquare.com/en/proguard © Edward Dale, 2017 3

  4. Purpose ProGuard is the most popular optimizer for Java bytecode.

    It makes your Java and Android applications up to 90% smaller and up to 20% faster. ProGuard also provides minimal protection against reverse engineering by obfuscating the names of classes, fields and methods. — https://www.guardsquare.com/en/proguard © Edward Dale, 2017 4

  5. Highlights 1 • ProGuard is a command-line tool with an

    optional graphical user interface. • ProGuard is easy to configure. A few intuitive command line options or a simple configuration file is all it takes. All available options are detailed in the user manual. 1 https://www.guardsquare.com/en/proguard © Edward Dale, 2017 5

  6. Highlights 1 (continued) • ProGuard is fast. It processes small

    Android applications and entire run-time libraries in seconds. • ProGuard is the default tool in development environments like Oracle’s Wireless Toolkit, NetBeans, EclipseME, Intel’s TXE SDK and Google’s Android SDK. 1 https://www.guardsquare.com/en/proguard © Edward Dale, 2017 6

  7. Highlights (annotated) • ProGuard is easy to configure. A few

    intuitive command line options or a simple configuration file is all it takes. All available options are detailed in the user manual. • ProGuard is fast. It processes small Android applications and entire run- time libraries in seconds. © Edward Dale, 2017 7

  8. Steps start shrink end optimize obfuscate preverify © Edward Dale,

    2017 8

  9. Shrink Step • Enabled by default • Disabled with -dontshrink

    • Removes all classes, methods, resources not reachable from from an entry point (seeds) • Dynamically referenced classes/methods need to be "kept" using -keep or -keepclasseswithmembers © Edward Dale, 2017 9

  10. Example Class Diagram LoginActivity UserManager UserApi FeedActivity FeedApi OldUserManager OldUserApi

    © Edward Dale, 2017 10

  11. After Shrinking • No seeds LoginActivity UserManager UserApi FeedActivity FeedApi

    OldUserManager OldUserApi © Edward Dale, 2017 11

  12. After Shrinking • -keep MainActivity • -keep SecondActivity LoginActivity UserManager

    UserApi FeedActivity FeedApi OldUserManager OldUserApi © Edward Dale, 2017 12

  13. After Shrinking • -keep public class * extends android.app.Activity LoginActivity

    UserManager UserApi FeedActivity FeedApi OldUserManager OldUserApi © Edward Dale, 2017 13

  14. Keep Options -keep Specifies classes and class members (fields and

    methods) to be preserved as entry points to your code. -keepclassmembers Specifies class members to be preserved, if their classes are preserved as well. -keepclasseswithmembers Specifies classes and class members to be preserved, on the condition that all of the specified class members are present. © Edward Dale, 2017 14

  15. Optimize Step • Enabled by default • Disabled with -dontoptimize

    • Performs lots of different bytecode-level optimizations to the code © Edward Dale, 2017 15

  16. Optimize Step • -optimizationpasses declares how many times to optimize/shrink

    • Freeletics does 5 passes © Edward Dale, 2017 16

  17. Optimize Step • -optimizations can be used to disable specific

    optimizations • Freeletics disables optimizations that cause problems on Android • More information in $ANDROID_HOME/tools/proguard/ proguard-android-optimize.txt © Edward Dale, 2017 17

  18. Example Optimizations 2 • Marks methods as final, whenever possible.

    • Removes unused method parameters. • Propagates the values of method parameters from method invocations to the invoked methods. • Propagates the values of method return values from methods to their invocations. • Inlines short methods. • Inlines methods that are only called once. 2 https://www.guardsquare.com/en/proguard/manual/optimizations © Edward Dale, 2017 18

  19. Obfuscate Step • Enabled by default • Disabled with -dontobfuscate

    • Classes and class members receive new short random names, except for the ones listed by the various -keep options • Internal attributes that are useful for debugging are removed © Edward Dale, 2017 19

  20. After Obfuscation LoginActivity A B FeedActivity C OldUserManager OldUserApi ©

    Edward Dale, 2017 20

  21. Preverification Step • Enabled by default • Disabled with -dontpreverify

    • When loading class files, the class loader performs some sophisticated verification of the byte code. • Unnecessary on Android © Edward Dale, 2017 21

  22. Problems © Edward Dale, 2017 22

  23. Problem 1 Class is unintentionally removed/obfuscated Symptom: Runtime crash java.lang.NoClassDefFoundError:

    Failed resolution of: Lcom/freeletics/LoginActivity; © Edward Dale, 2017 23

  24. Problem 1 Class is unintentionally removed/obfuscated Symptom: Runtime crash java.lang.NoClassDefFoundError:

    Failed resolution of: Lcom/freeletics/LoginActivity; Solution: Ensure class is kept -keep com.freeletics.LoginActivity © Edward Dale, 2017 24

  25. Problem 2 Code references a class not available Symptom:: Build

    failure Warning: rx.internal.util.unsafe.ConcurrentCircularArrayQueue: can't find referenced class sun.misc.Unsafe ... Warning: there were 47 unresolved references to classes or interfaces. © Edward Dale, 2017 25

  26. Problem 2 Code references a class not available Symptom:: Build

    failure Warning: rx.internal.util.unsafe.ConcurrentCircularArrayQueue: can't find referenced class sun.misc.Unsafe ... Warning: there were 47 unresolved references to classes or interfaces. Solution: Don't warn about classes unavailable on Android -dontwarn sun.misc.Unsafe © Edward Dale, 2017 26

  27. Problem 3 Adding a new library breaks build Symptom: Build

    failure © Edward Dale, 2017 27

  28. Problem 3 Adding a new library breaks build Symptom: Build

    failure Solution: Google Should only happen with non-Android-specific libraries. Android-specific Libraries can add a ProGuard configuration that should be used. © Edward Dale, 2017 28

  29. The Future we are also working on R8, which is

    a Proguard replacement for whole program minification and optimization3 — James Lau, Product Manager 3 https://android-developers.googleblog.com/2017/08/next-generation-dex-compiler-now-in.html © Edward Dale, 2017 29

  30. The Future • D8 is a dexer that converts java

    byte code to dex code. • R8 is a java program shrinking and minification tool that converts java byte code to optimized dex code. • R8 is a Proguard replacement for whole-program optimization, shrinking and minification. R8 uses the Proguard keep rule format for specifying the entry points for an application. © Edward Dale, 2017 30

  31. Questions? Edward Dale @scompt Freeletics https://www.freeletics.com © Edward Dale, 2017

    31

  32. Citations • http://knowyourmeme.com/memes/yao-ming-face-bitch- please © Edward Dale, 2017 32