To protect your Android app against decompilation and analysis, it is highly recommended to obfuscate the APK file before deploying it to the Play Store. Proguard is the proposed tool for this job and is already contained in the SDK.
To use Proguard with an Android application, a special configuration is required. The JDC already contains an example for a simple Android app. But in combination with Roboguice dependency injection or Gson JSON serialization, an extended configuration is required.
Roboguice
If you choose Roboguice for dependency injection in your Android app, I recommend using only the obfuscation functions of Proguard. Also make sure that the Roboguice classes are not obfuscated and that attributes are not changed. Try the following example configuration:
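# continue despite unresolved references and other warnings
-ignorewarnings
# do not remove unused classes and members
-dontshrink
# keep all Roboguice classes and their members
-keep class roboguice.** { *; }
-keepattributes *Annotation*
-keep public class roboguice.** { *; }
# keep Finalizer classes and startFinalizer methods
-keep class **.Finalizer
-keepclassmembers class ** { *** startFinalizer( ... ); }
# keep methods whose parameter type matches On*Event
-keepclassmembers class * {
    void *(**On*Event);
}
# keep all attributes
-keepattributes **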
GSON JSON serialization
The serialization of Java objects often causes problems in combination with obfuscation. To produce a consistent object serialization, it is required to prevent attribute names of objects and enumerations from being obfuscated.
One possibility is to use the @SerializedName annotation to set a static name for an attribute, which is not affected by obfuscation.
import com.google.gson.annotations.SerializedName;

class TestObject {
    @SerializedName("staticName")
    private String testField;
}
Another solution is the usage of a marker interface, e.g. GsonSerializable:
public interface GsonSerializable {}
Use this interface to mark classes and enumerations which should be serialized by Gson. The following Proguard configuration ensures that objects of these classes are always serialized in the same way:
# keep GsonSerializable interface, it would be thrown away by proguard since it is empty
-keep class de.havre.copymeter.model.GsonSerializable
# member fields of serialized classes, including enums that implement this interface
-keepclassmembers class * implements de.havre.copymeter.model.GsonSerializable {
    <fields>;
}
# also keep names of these classes. not required, but just in case.
-keepnames class * implements de.havre.copymeter.model.GsonSerializable
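One way to check the result of this configuration, as an added example that is not part of the original post: ProGuard's -printmapping option writes a mapping file listing every original and obfuscated name, and the Python script below reports fields of the expected model classes that were renamed anyway. The classes Reading and Unlisted, the names renamed_fields and MODEL_CLASSES, and the sample mapping are constructed for illustration.

```python
import re

# A class section starts with "original.Name -> obfuscated.Name:"
CLASS_RE = re.compile(r"^(\S+) -> (\S+):$")
# Members are indented: "    type name -> newName"
MEMBER_RE = re.compile(r"^\s+(\S+) (\S+) -> (\S+)$")


def renamed_fields(mapping_text, model_classes):
    """Return {class: [(field, obfuscated_name), ...]} for renamed fields."""
    findings = {}
    current = None
    for line in mapping_text.splitlines():
        if line.startswith("#"):
            continue
        cls = CLASS_RE.match(line)
        if cls:
            # Only inspect classes that are expected to be serialized by Gson.
            current = cls.group(1) if cls.group(1) in model_classes else None
            continue
        member = MEMBER_RE.match(line)
        if current is None or member is None:
            continue
        _type, name, obfuscated = member.groups()
        if "(" in name:  # method entry, e.g. "1:2:void <init>() -> <init>"
            continue
        if name != obfuscated:
            findings.setdefault(current, []).append((name, obfuscated))
    return findings


# Constructed sample: Reading is covered by the keep rules, Unlisted is a
# hypothetical model class that does not implement GsonSerializable.
SAMPLE_MAPPING = """\
de.havre.copymeter.model.Reading -> de.havre.copymeter.model.Reading:
    java.lang.String deviceId -> deviceId
    int value -> value
    1:2:void <init>() -> <init>
de.havre.copymeter.model.Unlisted -> de.havre.copymeter.model.a:
    java.lang.String label -> a
    long timestamp -> b
    3:5:java.lang.String getLabel() -> a
"""
MODEL_CLASSES = {"de.havre.copymeter.model.Reading",
                 "de.havre.copymeter.model.Unlisted"}

if __name__ == "__main__":
    for cls, fields in renamed_fields(SAMPLE_MAPPING, MODEL_CLASSES).items():
        for name, obfuscated in fields:
            print(f"{cls}: field '{name}' was renamed to '{obfuscated}'")
```

Any field it reports would appear under its obfuscated name in the JSON that Gson writes, so the class either needs the marker interface or @SerializedName on that field.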
Links
https://sites.google.com/site/gson/
https://github.com/roboguice/roboguice/
http://proguard.sourceforge.net/