Geek Answers Handbook

Is Android Proguard the best practice for all third-party libraries?

I am setting up Proguard for an application that uses third-party libraries. Is this "best practice" (to avoid future hard-to-reach errors) to include a line:

-keep class 3rd_party_lib_name.** {*;}

for each individual third-party open source library that does not have specific Proguard instructions from its developer?

Also, a related question: is there a general rule for which cases I should use

 -keep class

and in what cases should i use

 -keep public class

thank you very much

+4
source share
2 answers

The main problem with obfuscating proguard and code in the general case is changing the class name, methods and fields. (i.e. myExplicitMethodName() became a() )

When a class name, method name or field changes, you cannot access it using the reflection API (i.e. Class.classForName(...) , ...)

Knowing that it is best to use -keep all classes and libraries that can be called using the reflection API.

For third-party libraries, if you donโ€™t know if they use the API or not: then -keep

For your own code: I hope you know in which classes you use it. So use -keep for these classes.

Note that some popular frameworks, such as a dagger or jackson, use the reflection API on your own classes, so if you use them, be careful!

+6
source

The fewer options -keep you can use, the better your results will be in terms of optimization and obfuscation. If you donโ€™t have time to find the best configuration, you can use a more conservative approach. The most conservative solution is to save all classes, fields and methods in the library, so any internal reflection will continue to work:

 -keep class 3rd_party_lib_name.** {*;}

Slightly less conservative, but usually enough: save all public APIs:

 -keep public class 3rd_party_lib_name.** { public *; }

Even less conservative: keep only public classes, but not necessarily their fields or methods:

 -keep public class 3rd_party_lib_name.**

Some experiments may go the way.

As ben75 mentions, this does not take into account third-party libraries that reflect your own code.

+3
source

More articles:


All Articles