Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
ProGuard
Search
Edward Dale
August 31, 2017
Technology
1
460
ProGuard
An introduction to how ProGuard works.
Edward Dale
August 31, 2017
Tweet
Share
More Decks by Edward Dale
See All by Edward Dale
Write your own ProGuard
scompt
1
190
Screenshot your Entire App with Screengrab and Firebase
scompt
0
420
Screenshot your Entire App
scompt
1
1.9k
Reactive In-App Billing on Android
scompt
2
270
Fitness Motion Recognition with Android Wear
scompt
1
400
Android Apps with Mortar and Flow
scompt
7
1.6k
Functional Reactive Programming in the Mobile World
scompt
2
320
Other Decks in Technology
See All in Technology
【ログ分析勉強会#5】Elasticsearch/Kibana のパイプ型クエリー言語ES|QLの紹介 ~ Pandasと一緒にログ分析してみた
nobuhikosekiya
0
160
SQLによるオブザーバビリティの進化とClickHouseの実力
mikimatsumoto
0
150
Authenticator のエミュレーションによる パスキーのログインテスト/nikkei-tech-talk-25
nikkei_engineer_recruiting
0
130
エムスリー全チーム紹介資料 / Introduction of M3 All Teams
m3_engineering
0
170
山手線一周のパフォーマンス改善
suzukahr
0
110
仮想化って何だろう
shkoga
0
140
Oracle GoldenGate 23ai 導入Tips
oracle4engineer
PRO
1
190
つよつよリーダーが 抜けたらどうする? 〜ナビタイムのAgile⽀援組織の変遷〜
navitimejapan
PRO
22
12k
KDD2024参加報告
cyberagentdevelopers
PRO
0
180
【shownet.conf_】革新と伝統を融合したファシリティ
shownet
PRO
0
230
LINEヤフー新卒採用 コーディングテスト解説 アルゴリズム問題編
lycorp_recruit_jp
0
12k
MLOpsの「あるある」課題の解決と、そのためのライブラリgokart
mski_iksm
1
150
Featured
See All Featured
Design by the Numbers
sachag
277
19k
Clear Off the Table
cherdarchuk
91
320k
Designing the Hi-DPI Web
ddemaree
279
34k
Intergalactic Javascript Robots from Outer Space
tanoku
268
27k
Adopting Sorbet at Scale
ufuk
73
8.9k
The Invisible Side of Design
smashingmag
296
50k
Infographics Made Easy
chrislema
239
18k
Six Lessons from altMBA
skipperchong
26
3.4k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
327
21k
Building a Modern Day E-commerce SEO Strategy
aleyda
36
6.8k
Become a Pro
speakerdeck
PRO
23
4.9k
Bash Introduction
62gerente
608
210k
Transcript
ProGuard Edward Dale @scompt Freeletics https://www.freeletics.com August 31, 2017 ©
Edward Dale, 2017 1
Agenda • Overview • Steps • Problems • Future ©
Edward Dale, 2017 2
Purpose ProGuard is the most popular optimizer for Java bytecode.
It makes your Java and Android applications up to 90% smaller and up to 20% faster. ProGuard also provides minimal protection against reverse engineering by obfuscating the names of classes, fields and methods. — https://www.guardsquare.com/en/proguard © Edward Dale, 2017 3
Purpose ProGuard is the most popular optimizer for Java bytecode.
It makes your Java and Android applications up to 90% smaller and up to 20% faster. ProGuard also provides minimal protection against reverse engineering by obfuscating the names of classes, fields and methods. — https://www.guardsquare.com/en/proguard © Edward Dale, 2017 4
Highlights 1 • ProGuard is a command-line tool with an
optional graphical user interface. • ProGuard is easy to configure. A few intuitive command line options or a simple configuration file is all it takes. All available options are detailed in the user manual. 1 https://www.guardsquare.com/en/proguard © Edward Dale, 2017 5
Highlights 1 (continued) • ProGuard is fast. It processes small
Android applications and entire run-time libraries in seconds. • ProGuard is the default tool in development environments like Oracle’s Wireless Toolkit, NetBeans, EclipseME, Intel’s TXE SDK and Google’s Android SDK. 1 https://www.guardsquare.com/en/proguard © Edward Dale, 2017 6
Highlights (annotated) • ProGuard is easy to configure. A few
intuitive command line options or a simple configuration file is all it takes. All available options are detailed in the user manual. • ProGuard is fast. It processes small Android applications and entire run- time libraries in seconds. © Edward Dale, 2017 7
Steps start shrink end optimize obfuscate preverify © Edward Dale,
2017 8
Shrink Step • Enabled by default • Disabled with -dontshrink
• Removes all classes, methods, resources not reachable from from an entry point (seeds) • Dynamically referenced classes/methods need to be "kept" using -keep or -keepclasseswithmembers © Edward Dale, 2017 9
Example Class Diagram LoginActivity UserManager UserApi FeedActivity FeedApi OldUserManager OldUserApi
© Edward Dale, 2017 10
After Shrinking • No seeds LoginActivity UserManager UserApi FeedActivity FeedApi
OldUserManager OldUserApi © Edward Dale, 2017 11
After Shrinking • -keep MainActivity • -keep SecondActivity LoginActivity UserManager
UserApi FeedActivity FeedApi OldUserManager OldUserApi © Edward Dale, 2017 12
After Shrinking • -keep public class * extends android.app.Activity LoginActivity
UserManager UserApi FeedActivity FeedApi OldUserManager OldUserApi © Edward Dale, 2017 13
Keep Options -keep Specifies classes and class members (fields and
methods) to be preserved as entry points to your code. -keepclassmembers Specifies class members to be preserved, if their classes are preserved as well. -keepclasseswithmembers Specifies classes and class members to be preserved, on the condition that all of the specified class members are present. © Edward Dale, 2017 14
Optimize Step • Enabled by default • Disabled with -dontoptimize
• Performs lots of different bytecode-level optimizations to the code © Edward Dale, 2017 15
Optimize Step • -optimizationpasses declares how many times to optimize/shrink
• Freeletics does 5 passes © Edward Dale, 2017 16
Optimize Step • -optimizations can be used to disable specific
optimizations • Freeletics disables optimizations that cause problems on Android • More information in $ANDROID_HOME/tools/proguard/ proguard-android-optimize.txt © Edward Dale, 2017 17
Example Optimizations 2 • Marks methods as final, whenever possible.
• Removes unused method parameters. • Propagates the values of method parameters from method invocations to the invoked methods. • Propagates the values of method return values from methods to their invocations. • Inlines short methods. • Inlines methods that are only called once. 2 https://www.guardsquare.com/en/proguard/manual/optimizations © Edward Dale, 2017 18
Obfuscate Step • Enabled by default • Disabled with -dontobfuscate
• Classes and class members receive new short random names, except for the ones listed by the various -keep options • Internal attributes that are useful for debugging are removed © Edward Dale, 2017 19
After Obfuscation LoginActivity A B FeedActivity C OldUserManager OldUserApi ©
Edward Dale, 2017 20
Preverification Step • Enabled by default • Disabled with -dontpreverify
• When loading class files, the class loader performs some sophisticated verification of the byte code. • Unnecessary on Android © Edward Dale, 2017 21
Problems © Edward Dale, 2017 22
Problem 1 Class is unintentionally removed/obfuscated Symptom: Runtime crash java.lang.NoClassDefFoundError:
Failed resolution of: Lcom/freeletics/LoginActivity; © Edward Dale, 2017 23
Problem 1 Class is unintentionally removed/obfuscated Symptom: Runtime crash java.lang.NoClassDefFoundError:
Failed resolution of: Lcom/freeletics/LoginActivity; Solution: Ensure class is kept -keep com.freeletics.LoginActivity © Edward Dale, 2017 24
Problem 2 Code references a class not available Symptom:: Build
failure Warning: rx.internal.util.unsafe.ConcurrentCircularArrayQueue: can't find referenced class sun.misc.Unsafe ... Warning: there were 47 unresolved references to classes or interfaces. © Edward Dale, 2017 25
Problem 2 Code references a class not available Symptom:: Build
failure Warning: rx.internal.util.unsafe.ConcurrentCircularArrayQueue: can't find referenced class sun.misc.Unsafe ... Warning: there were 47 unresolved references to classes or interfaces. Solution: Don't warn about classes unavailable on Android -dontwarn sun.misc.Unsafe © Edward Dale, 2017 26
Problem 3 Adding a new library breaks build Symptom: Build
failure © Edward Dale, 2017 27
Problem 3 Adding a new library breaks build Symptom: Build
failure Solution: Google Should only happen with non-Android-specific libraries. Android-specific Libraries can add a ProGuard configuration that should be used. © Edward Dale, 2017 28
The Future we are also working on R8, which is
a Proguard replacement for whole program minification and optimization3 — James Lau, Product Manager 3 https://android-developers.googleblog.com/2017/08/next-generation-dex-compiler-now-in.html © Edward Dale, 2017 29
The Future • D8 is a dexer that converts java
byte code to dex code. • R8 is a java program shrinking and minification tool that converts java byte code to optimized dex code. • R8 is a Proguard replacement for whole-program optimization, shrinking and minification. R8 uses the Proguard keep rule format for specifying the entry points for an application. © Edward Dale, 2017 30
Questions? Edward Dale @scompt Freeletics https://www.freeletics.com © Edward Dale, 2017
31
Citations • http://knowyourmeme.com/memes/yao-ming-face-bitch- please © Edward Dale, 2017 32