How to Choose the Best Website Design Company in Dubai?
September 10, 2024
Branex-at-Gitex-Global-2024
Branex Participates at GITEX Global 2024 – The Tech Event Happening in UAE
September 24, 2024

Why & How to Use Proguard in Android Development?

How-to-Use-Proguard-in-Android-Development

Why & How to Use Proguard in Android Development? 

There’s always an upsurge in discussions regarding the significance and use of Proguard within the Android community. However, there are plenty of concerns that we often hear regarding the security aspects & performance optimization of many Android applications. Today, having an APK without proper guard rules can put the overall Android experience at risk. Some of these major risks are other Android developers using decompile and reverse engineering. Once the Android application is reverse engineered, developers can easily access the code resources. They can easily access critical logic functions & data.

However, when proper proguard rules are configured at the backend, it becomes difficult for the Android app to be reverse engineered. It may turn out to be impossible, but proguard obfuscates the code & decreases the chance of it being readable. In today’s article, we are going to talk about all the features and examples associated with proguard in depth and detail. 

The whole idea is to better equip you with the concept of proguard in Android development. 

What Are the Features of Proguard in Android? 

Here’s the complete breakdown of the key features of Proguard in Android: 

Shrinking

ProGuard removes unused classes, methods, and fields from your code. 

It minimizes the size of the app by eliminating unnecessary code that’s never called or referenced, resulting in a more lightweight APK file. Shrinking helps in minimizing the size of APK. 

It applies the shrinking to different classes which includes variables, methods, etc. The Proguard recognizes which class members are used and applies the shrinking process on them, yet at the same time discards every other code. So, let’s say if there is any unused code from the application that requires omitting, shrinking will eventually remove these additional code bundles. 

You can use any APK Analyzer tool of your choice and bundle it with Android Studio to check the code size of the Android build before and after applying proguard rules. 

It will offer you insight on the proguard’s complete compression capabilities.

Android-Displayingbitmap

Optimization

The next step for ProGuard analyzes the code and applies various optimization techniques, such as inlining short methods and removing redundant instructions. For example, it removes any peephole optimizations, reduces code duplication, minimizes inline short & constant methods. 

Preverification

ProGuard performs a pre-verification step for Java classes, making them compatible with the verification process in Android’s runtime environments. Preverification doesn’t require entry points, it simply adds preverification information to classes which is required by certain Java versions. 

Preverification is necessary as it improves the startup time of your Android. 

Obfuscation

As soon as all the unwanted code is removed, proguard begins with obfuscating the code. 

It makes the code tough to read by changing all the classes, classes methods, variable names and other class members renamed to random characters. This way, it does create reference internally, but tightens up the toughness so no hacker can read and understand the business logic behind the code. 

As a result, your Android code remains protected and you don’t face unfortunate situations.  

How to Apply Proguard in Android Backend? 

To apply ProGuard on the Android backend (specifically within your Android app’s backend processing or logic), you need to follow these steps to enable ProGuard during the build process. 

This is typically done during the release build, but you can also configure it for other build types like development or staging.

Modify build. gradle file

ProGuard is applied during the build process by enabling code shrinking and obfuscation in your build.gradle file.

In the app-level build.gradle file, locate the build Types block and apply ProGuard for the desired build type (usually for release builds but can also be applied to other custom build types):

Code Snippet:

android {
    buildTypes {
        release {
            minifyEnabled true  // Enables ProGuard
            shrinkResources true  // Removes unused resources
            proguardFiles getDefaultProguardFile(‘proguard-android-optimize.txt’), ‘proguard-rules.pro’
        }
    }
}

  • minifyEnabled true: Enables ProGuard for shrinking, obfuscating, and optimizing your code.
  • shrinkResources true: Removes unused resources such as images and XML files from the APK.
  • proguardFiles: Specifies the default ProGuard rules and your custom ProGuard rules.

Create or Modify ProGuard Rules (proguard-rules.pro)

ProGuard comes with default rules, but you may need to customize them for your backend logic, especially if your app uses libraries or reflection. These custom rules are added in a file called proguard-rules.pro, located in the project’s root directory.


For example, if you’re using Retrofit or any reflection-based libraries, add rules like:

Code Snippet:

# Retain class members that are used by reflection
-keep class com.example.backend.** { *; }

# Keep classes and methods annotated with @SerializedName
-keepattributes *Annotation*

# Keep all class members for Retrofit
-keep class retrofit2.** { *; }

# Avoid obfuscating classes used in serialization/deserialization
-keepnames class **.R

Testing the Backend with ProGuard Enabled

After ProGuard is enabled, test your app to ensure that the backend logic still functions as expected. ProGuard can sometimes remove code or break functionality if misconfigured, especially if your backend uses reflection or external libraries.

Testing tips:

  • Always test in a Release or Staging environment with ProGuard enabled.
  • Watch out for crashes or missing functionality in areas that rely on dynamic class loading, reflection, or third-party libraries.

Enable ProGuard for Debug Builds (Optional)
If you want to test ProGuard while in development or during debugging, you can enable it for the debug build type in the same way:

Code Snippet:

android {
    buildTypes {
        debug {
            minifyEnabled true  // Enables ProGuard in debug mode
            proguardFiles getDefaultProguardFile(‘proguard-android-optimize.txt’), ‘proguard-rules.pro’
        }
    }
}

By following these steps, ProGuard will apply optimizations, shrink your backend code, and obfuscate sensitive parts of the app, making it more efficient and secure.

Once, you have applied Proguard and made a clean build, here are few essential files you need to make: 

“Mapping.txt” 

During the obfuscation process, class & member names are altered, this file serves as a reference to track the changes. It provides a mapping of the original names to their obfuscated counterparts, including classes, methods & variables. It allows you to trace how your code was modified after the obfuscation step. 

“Seeds.txt” 

This file contains a list of classes that were excluded from obfuscation. If certain parts of the code were specified to be left untouched in your proguard-rules.pro file, they will appear here. It’s a useful tool for verifying that the rules you applied worked as expected, ensuring that important code wasn’t obfuscated. Instead of relying solely on ProGuard, checking this file is a good way to ensure critical elements remain protected.

“Usage.txt”  

This file shows all the code that ProGuard removed during the shrinking step, such as unused or unreferenced classes and methods. It’s essential to review this file to ensure that only unnecessary code was stripped away, and nothing important was accidentally removed. Misconfigurations in ProGuard can cause issues or crashes in release builds, so it’s wise to double-check here for accuracy.

Concluding Thoughts 

ProGuard is a must-have tool for optimizing and securing your Android app. It reduces app size, boosts performance, and protects your code from reverse engineering. 

By carefully configuring ProGuard rules, you can reduce the risk of reverse engineering and tampering while simultaneously optimizing the app’s size and speed. 

From shrinking unused code and resources to obfuscating sensitive logic, ProGuard ensures that your Android app remains efficient and secure without compromising on functionality. 

If you don’t want to leave your app vulnerable, it’s best to configure Proguard at the backend today. 

Ashad Ubaid
Ashad Ubaid
Ashad Ubaid Ur Rehman is a Digital Content Producer at Branex. He has worked on several platforms. He has ample amount of experience in writing content on SaaS products, social media marketing, content marketing, technology & gadgets, online/offline gaming, affiliate marketing reviews, search engine optimization, productivity & leadership. He is a skilled and talented individual with all the perks of being a hallmark writer.

Comments are closed.