Droidcon Berlin, profile picture
Uploaded byDroidcon Berlin
3,109 views

Droidcon2013 pro guard, optimizer and obfuscator in the android sdk_eric lafortune_saikoa

ProGuard is an open source tool that optimizes and obfuscates Java bytecode. It can shrink code size by removing unused classes, fields, and methods. It optimizes code through optimizations like constant propagation and method inlining. It obfuscates code by renaming classes, fields, and methods to obscure their purpose. ProGuard is included in the Android SDK and can help protect Android apps from reverse engineering.

Embed presentation

Downloaded 81 times
ProGuard Optimizer and Obfuscator in the Android SDK Eric Lafortune Developer of ProGuard
Eric Lafortune ● 1991 – 1996 K.U.Leuven (Belgium), Phd Eng CompSci ● 1996 – 1999 Cornell University (Ithaca, NY) ● 1999 – 2011 Java GIS ● 2012 Founder Saikoa Maybe more importantly: ● 1982 TMS-9900 processor ● 1995 ARM2/ARM3 processor ● 2001 Java bytecode ● 2010 Dalvik bytecode
ProGuard Open source Generic Shrinker Optimizer Obfuscator For Java bytecode
ProGuard history Java applications Applets 2002 Midlets 2010 2012 Android apps ● May 2002 First release ● Sep 2010 Recommended for protecting LVL ● Dec 2010 Part of Android SDK ● Jan 2012 Startup Saikoa
Why use ProGuard? ● Application size ● Performance ● Remove logging, debugging, testing code ● Battery life ● Protection
Application size classes.dex size .apk size Without ProGuard With ProGuard Reduction Without ProGuard With ProGuard Reduction ApiDemos 716 K 482 K 33 % 2.6 M 2.5 M 4 % GoogleIO App 3.4 M 905 K 75 % 1.9 M 906 K 53 % ApiDemos in Scala* ~6 M 542 K ~90 % ~8 M 2.5 M ~70 % * [Stéphane Micheloud, http://lampwww.epfl.ch/~michelou/android/library-code-shrinking.html]
Performance: CaffeineMark Without ProGuard Sieve score = 6833 Loop score = 14831 Logic score = 19038 String score = 7694 Float score = 6425 Method score = 4850 Overall score = 8794 With ProGuard Sieve score = 6666 Loop score = 15473 Logic score = 47840 String score = 7717 Float score = 6488 Method score = 5229 Overall score = 10436 Improvement: 18% [Acer Iconia Tab A500, nVidia Tegra 2, 1.0 GHz, Android 3.2.1]
Battery life Extreme example: “5 x better battery life, by removing verbose logging code in a background service” (but don't count on it)
How to enable ProGuard? project.properties: → only applied when building release versions # To enable ProGuard to shrink and obfuscate your code, uncomment this #proguard.config= ${sdk.dir}/tools/proguard/proguard-android.txt: proguard-project.txt Tip
Shrinking Also called treeshaking, minimizing, shrouding
Shrinking ● Classes, fields, methods
Entry points 1) Activities, applications, services, fragments,... → provided automatically by Android build process -keep public class * extends android.app.Activity -keep public class * extends android.app.Application -keep public class * extends android.app.Service …
Entry points 2) Introspection, e.g. Guice, RoboGuice → must be specified in proguard-project.txt: -keepclassmembers class * { @javax.inject.** <fields>; @com.google.inject.** <fields>; @roboguice.** <fields>; @roboguice.event.Observes <methods>; } Tip
Notes and warnings “Closed-world assumption” → if debug build works fine, then ok to ignore in proguard-project.txt: Warning: com.dropbox.client2.DropboxAPI: can't find referenced class org.json.simple.JSONArray -dontwarn twitter4j.internal.logging.** -dontwarn com.dropbox.client2.** Warning: twitter4j.internal.logging.Log4JLoggerFactory: can't find referenced class org.apache.log4j.Logger Warning: twitter4j.internal.logging.SLF4JLoggerFactory: can't find referenced class org.slf4j.LoggerFactory ... Tip
Optimization At the bytecode instruction level: ● Dead code elimination ● Constant propagation ● Method inlining ● Class merging ● Remove logging code ● Peephole optimizations ● Devirtualization ● ...
Optimization example int answer = computeAnswer(1, 2, 3, 7); int computeAnswer(int f1, int f2, int f3, int f4) { if (f2 == 1 && f3 == 1 && f4 == 1) { return f1; } else { return computeAnswer(f1 * f2, f3, f4, 1); } }
Optimization example int answer = computeAnswer(1, 2, 3, 7); int computeAnswer(int f1, int f2, int f3, int f4) { if (f2 == 1 && f3 == 1 && f4 == 1) { return f1; } else { return computeAnswer(f1 * f2, f3, f4, 1); } } int computeAnswer(int f1, int f2, int f3, int f4) { do { if (f2 == 1 && f3 == 1 && f4 == 1) { return f1; } else { f1 = f1 * f2; f2 = f3, f3 = f4, f4 = 1; } } while (true); }
Optimization example int answer = computeAnswer(1, 2, 3, 7); int computeAnswer(int f1, int f2, int f3, int f4) { if (f2 == 1 && f3 == 1 && f4 == 1) { return f1; } else { return computeAnswer(f1 * f2, f3, f4, 1); } } int computeAnswer(int f1, int f2, int f3, int f4) { do { if (f2 == 1 && f3 == 1 && f4 == 1) { return f1; } else { f1 = f1 * f2; f2 = f3, f3 = f4, f4 = 1; } } while (true); } 1 2 3 7
Optimization example int answer = computeAnswer(1, 2, 3, 7); int computeAnswer(int f1, int f2, int f3, int f4) { if (f2 == 1 && f3 == 1 && f4 == 1) { return f1; } else { return computeAnswer(f1 * f2, f3, f4, 1); } } int computeAnswer(int f1, int f2, int f3, int f4) { do { if (f2 == 1 && f3 == 1 && f4 == 1) { return f1; } else { f1 = f1 * f2; f2 = f3, f3 = f4, f4 = 1; } } while (true); } int computeAnswer() { return 42; }
Optimization example int answer = computeAnswer(1, 2, 3, 7); int computeAnswer(int f1, int f2, int f3, int f4) { if (f2 == 1 && f3 == 1 && f4 == 1) { return f1; } else { return computeAnswer(f1 * f2, f3, f4, 1); } } int computeAnswer(int f1, int f2, int f3, int f4) { do { if (f2 == 1 && f3 == 1 && f4 == 1) { return f1; } else { f1 = f1 * f2; f2 = f3, f3 = f4, f4 = 1; } } while (true); } int computeAnswer() { return 42; } int answer = 42;
How to enable optimization? project.properties: # To enable ProGuard to shrink and obfuscate your code, uncomment this proguard.config= ${sdk.dir}/tools/proguard/proguard-android-optimize.txt: proguard-project.txt Tip
Remove logging code Specify assumptions in proguard-project.txt: -assumenosideeffects class android.util.Log { public static boolean isLoggable(java.lang.String, int); public static int v(...); public static int i(...); public static int w(...); public static int d(...); public static int e(...); public static java.lang.String getStackTraceString (java.lang.Throwable); } Tip
Obfuscation Traditional name obfuscation: ● Rename identifiers: class/field/method names ● Remove debug information: line numbers, local variable names,...
Obfuscation public class MyComputationClass { private MySettings settings; private MyAlgorithm algorithm; private int answer; public int computeAnswer(int input) { … return answer; } }
Obfuscation public class MyComputationClass { private MySettings settings; private MyAlgorithm algorithm; private int answer; public int computeAnswer(int input) { … return answer; } } public class a { private b a; private c b; private int c; public int a(int a) { … return c; } }
Complementary steps Optimization Obfuscation Irreversibly remove information
ProGuard guide – Android SDK developer.android.comdeveloper.android.com
ProGuard website proguard.sourceforge.netproguard.sourceforge.net
ProGuard manual proguard.sourceforge.netproguard.sourceforge.net Tip
Startup: Saikoa ProGuard ProGuard support DexGuard
ProGuard - DexGuard Open source Generic Shrinker Optimizer Obfuscator For Java bytecode Closed source Specialized Shrinker Optimizer Obfuscator Protector For Android Compatible
Hacking and cracking ● Anti-malware research ● Reverse-engineering protocols, formats,... ● Fun ● Translation ● Game cheating ● Software piracy ● Remove ads ● Different ads ● Different market ● Extract assets ● Extract API keys ● Insert malware ● Extorsion ● ...
Solutions? ● Ignore it ● Different business model (open source, service) ● Regular updates ● Lock down device ● Server ● Remove motivations ● Obfuscation, application protection
More application protection Nothing is unbreakable, but you can raise the bar: ● Reflection ● String encryption ● Class encryption ● Resource obfuscation ● Tamper detection ● Debug detection ● Emulator detection ● … → Automatically applied by DexGuard
DexGuard strategy ● Tight integration ● Multiple layers ● Unique protection for every application ● Follow up
DexGuard reactions “My app usually gets pirated after a few hours, but now it hasn't been pirated after several weeks, thanks to DexGuard!” “Installation was simple.” “The support is fantastic.” “I'm enjoying DexGuard.” “Support from Saikoa is awesome!” “You're doing an awesome job!”
Saikoa website www.saikoa.comwww.saikoa.com
Questions? Open source Shrinking Optimization Obfuscation Java bytecode ProGuard Saikoa DexGuard Dalvik bytecode Protection

More Related Content

PPTX
Introduction to android coding
byHari Krishna
 
PDF
Building maintainable app
byKristijan Jurković
 
PDF
Building Modern Apps using Android Architecture Components
byHassan Abid
 
PDF
Android Test Automation Workshop
byEduardo Carrara de Araujo
 
PDF
Commit University - Exploring Angular 2
byCommit University
 
PDF
Mastering the NDK with Android Studio 2.0 and the gradle-experimental plugin
byXavier Hallade
 
PPTX
Android Tutorials - Powering with Selection Widget
byPrajyot Mainkar
 
PPTX
Testing android apps with espresso
byÉdipo Souza
 
Introduction to android coding
byHari Krishna
 
Building maintainable app
byKristijan Jurković
 
Building Modern Apps using Android Architecture Components
byHassan Abid
 
Android Test Automation Workshop
byEduardo Carrara de Araujo
 
Commit University - Exploring Angular 2
byCommit University
 
Mastering the NDK with Android Studio 2.0 and the gradle-experimental plugin
byXavier Hallade
 
Android Tutorials - Powering with Selection Widget
byPrajyot Mainkar
 
Testing android apps with espresso
byÉdipo Souza
 

What's hot

PDF
Using hilt in a modularized project
byFabio Collini
 
PDF
Reverse Engineering 안드로이드 학습
bySungju Jin
 
PDF
Building an app with Google's new suites
byToru Wonyoung Choi
 
PDF
Android Lab
byLeo Nguyen
 
PPTX
Mobile Worshop Lab guide
byMan Chan
 
DOCX
Android xml-based layouts-chapter5
byDr. Ramkumar Lakshminarayanan
 
PDF
The Glass Class - Tutorial 3 - Android and GDK
byGun Lee
 
ODP
Day 6
byVivek Bhusal
 
PDF
Android studio
byAndri Yabu
 
PDF
Next Step, Android Studio!
byÉdipo Souza
 
PPTX
Angular2 + rxjs
byChristoffer Noring
 
PDF
Day 5
byVivek Bhusal
 
PDF
PROMAND 2014 project structure
byAlexey Buzdin
 
PDF
Pavlo Zhdanov "Java and Swift: How to Create Applications for Automotive Head...
byLogeekNightUkraine
 
PPTX
How to create android applications
byTOPS Technologies
 
PDF
Exploring CameraX from JetPack
byHassan Abid
 
PDF
Jetpack, with new features in 2021 GDG Georgetown IO Extended
byToru Wonyoung Choi
 
PDF
Device fragmentation vs clean code
byIordanis (Jordan) Giannakakis
 
PDF
Automated Historical Performance Analysis with kmemtracer
byKyungmin Lee
 
PDF
Angular 2 - The Next Framework
byCommit University
 
Using hilt in a modularized project
byFabio Collini
 
Reverse Engineering 안드로이드 학습
bySungju Jin
 
Building an app with Google's new suites
byToru Wonyoung Choi
 
Android Lab
byLeo Nguyen
 
Mobile Worshop Lab guide
byMan Chan
 
Android xml-based layouts-chapter5
byDr. Ramkumar Lakshminarayanan
 
The Glass Class - Tutorial 3 - Android and GDK
byGun Lee
 
Day 6
byVivek Bhusal
 
Android studio
byAndri Yabu
 
Next Step, Android Studio!
byÉdipo Souza
 
Angular2 + rxjs
byChristoffer Noring
 
Day 5
byVivek Bhusal
 
PROMAND 2014 project structure
byAlexey Buzdin
 
Pavlo Zhdanov "Java and Swift: How to Create Applications for Automotive Head...
byLogeekNightUkraine
 
How to create android applications
byTOPS Technologies
 
Exploring CameraX from JetPack
byHassan Abid
 
Jetpack, with new features in 2021 GDG Georgetown IO Extended
byToru Wonyoung Choi
 
Device fragmentation vs clean code
byIordanis (Jordan) Giannakakis
 
Automated Historical Performance Analysis with kmemtracer
byKyungmin Lee
 
Angular 2 - The Next Framework
byCommit University
 

Viewers also liked

PDF
Sperasoft talks: Android Security Threats
bySperasoft
 
PDF
Empirical Results on Cloning and Clone Detection
byFörderverein Technische Fakultät
 
PDF
An Execution-Semantic and Content-and-Context-Based Code-Clone Detection and ...
byKamiya Toshihiro
 
PDF
Clone detection in Python
byValerio Maggio
 
PDF
Google guava - almost everything you need to know
byTomasz Dziurko
 
PDF
Android Malware Detection Mechanisms
byTalha Kabakus
 
PDF
자바8 람다식 소개
bybeom kyun choi
 
PDF
AVG Android App Performance Report by AVG Technologies
byAVG Technologies
 
PDF
Google Guava for cleaner code
byMite Mitreski
 
Sperasoft talks: Android Security Threats
bySperasoft
 
Empirical Results on Cloning and Clone Detection
byFörderverein Technische Fakultät
 
An Execution-Semantic and Content-and-Context-Based Code-Clone Detection and ...
byKamiya Toshihiro
 
Clone detection in Python
byValerio Maggio
 
Google guava - almost everything you need to know
byTomasz Dziurko
 
Android Malware Detection Mechanisms
byTalha Kabakus
 
자바8 람다식 소개
bybeom kyun choi
 
AVG Android App Performance Report by AVG Technologies
byAVG Technologies
 
Google Guava for cleaner code
byMite Mitreski
 

Similar to Droidcon2013 pro guard, optimizer and obfuscator in the android sdk_eric lafortune_saikoa

PDF
Eric Lafortune - ProGuard: Optimizer and obfuscator in the Android SDK
byGuardSquare
 
PDF
Eric Lafortune - ProGuard: Optimizer and obfuscator in the Android SDK
byGuardSquare
 
PDF
OWF12/PAUG Conf Days Pro guard optimizer and obfuscator for android, eric l...
byParis Open Source Summit
 
PDF
Eric Lafortune - ProGuard: Optimizer and obfuscator in the Android SDK
byGuardSquare
 
PDF
Eric Lafortune - ProGuard and DexGuard for optimization and protection
byGuardSquare
 
PPTX
Proguard android
byBhavya Rattan
 
PPTX
Performance #5 cpu and battery
byVitali Pekelis
 
PDF
ProGuard / DexGuard Tips and Tricks
bynetomi
 
PDF
Priming Java for Speed at Market Open
byAzul Systems Inc.
 
PPT
The bytecode hocus pocus - JavaOne 2016
byRaimon Ràfols
 
KEY
Java Performance MythBusters
bySebastian Zarnekow
 
PDF
Eric Lafortune - The Jack and Jill build system
byGuardSquare
 
PDF
Android App Performance
byAltaf ur Rehman
 
PPTX
Decompiling Android
byGodfrey Nolan
 
ODP
The Art of Writing Efficient Software
byRalf Holly
 
PDF
Pragmatic Optimization in Modern Programming - Ordering Optimization Approaches
byMarina Kolpakova
 
PDF
ProGuard
byTomáš Kypta
 
PPT
The bytecode mumbo-jumbo
byRaimon Ràfols
 
PPTX
Reverse engineering android apps
byPranay Airan
 
PDF
Java performance
byRajesuwer P. Singaravelu
 
Eric Lafortune - ProGuard: Optimizer and obfuscator in the Android SDK
byGuardSquare
 
Eric Lafortune - ProGuard: Optimizer and obfuscator in the Android SDK
byGuardSquare
 
OWF12/PAUG Conf Days Pro guard optimizer and obfuscator for android, eric l...
byParis Open Source Summit
 
Eric Lafortune - ProGuard: Optimizer and obfuscator in the Android SDK
byGuardSquare
 
Eric Lafortune - ProGuard and DexGuard for optimization and protection
byGuardSquare
 
Proguard android
byBhavya Rattan
 
Performance #5 cpu and battery
byVitali Pekelis
 
ProGuard / DexGuard Tips and Tricks
bynetomi
 
Priming Java for Speed at Market Open
byAzul Systems Inc.
 
The bytecode hocus pocus - JavaOne 2016
byRaimon Ràfols
 
Java Performance MythBusters
bySebastian Zarnekow
 
Eric Lafortune - The Jack and Jill build system
byGuardSquare
 
Android App Performance
byAltaf ur Rehman
 
Decompiling Android
byGodfrey Nolan
 
The Art of Writing Efficient Software
byRalf Holly
 
Pragmatic Optimization in Modern Programming - Ordering Optimization Approaches
byMarina Kolpakova
 
ProGuard
byTomáš Kypta
 
The bytecode mumbo-jumbo
byRaimon Ràfols
 
Reverse engineering android apps
byPranay Airan
 
Java performance
byRajesuwer P. Singaravelu
 

More from Droidcon Berlin

PDF
Droidcon de 2014 google cast
byDroidcon Berlin
 
PDF
Android programming -_pushing_the_limits
byDroidcon Berlin
 
PDF
crashing in style
byDroidcon Berlin
 
PDF
Raspberry Pi
byDroidcon Berlin
 
PDF
Android industrial mobility
byDroidcon Berlin
 
PDF
Details matter in ux
byDroidcon Berlin
 
PDF
From sensor data_to_android_and_back
byDroidcon Berlin
 
PDF
droidparts
byDroidcon Berlin
 
PDF
new_age_graphics_android_x86
byDroidcon Berlin
 
PDF
5 tips of monetization
byDroidcon Berlin
 
PDF
Testing and Building Android
byDroidcon Berlin
 
PDF
Matchinguu droidcon presentation
byDroidcon Berlin
 
PDF
Cgm life sdk_droidcon_2014_v3
byDroidcon Berlin
 
PDF
The artofcalabash peterkrauss
byDroidcon Berlin
 
PDF
Raesch, gries droidcon 2014
byDroidcon Berlin
 
PDF
Android open gl2_droidcon_2014
byDroidcon Berlin
 
PDF
20140508 quantified self droidcon
byDroidcon Berlin
 
PDF
Tuning android for low ram devices
byDroidcon Berlin
 
PDF
Froyo to kit kat two years developing & maintaining deliradio
byDroidcon Berlin
 
PDF
Droidcon2013 security genes_trendmicro
byDroidcon Berlin
 
Droidcon de 2014 google cast
byDroidcon Berlin
 
Android programming -_pushing_the_limits
byDroidcon Berlin
 
crashing in style
byDroidcon Berlin
 
Raspberry Pi
byDroidcon Berlin
 
Android industrial mobility
byDroidcon Berlin
 
Details matter in ux
byDroidcon Berlin
 
From sensor data_to_android_and_back
byDroidcon Berlin
 
droidparts
byDroidcon Berlin
 
new_age_graphics_android_x86
byDroidcon Berlin
 
5 tips of monetization
byDroidcon Berlin
 
Testing and Building Android
byDroidcon Berlin
 
Matchinguu droidcon presentation
byDroidcon Berlin
 
Cgm life sdk_droidcon_2014_v3
byDroidcon Berlin
 
The artofcalabash peterkrauss
byDroidcon Berlin
 
Raesch, gries droidcon 2014
byDroidcon Berlin
 
Android open gl2_droidcon_2014
byDroidcon Berlin
 
20140508 quantified self droidcon
byDroidcon Berlin
 
Tuning android for low ram devices
byDroidcon Berlin
 
Froyo to kit kat two years developing & maintaining deliradio
byDroidcon Berlin
 
Droidcon2013 security genes_trendmicro
byDroidcon Berlin
 

Recently uploaded

PPTX
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PDF
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PDF
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PPTX
cybercrime in Information security .pptx
byismaeelsahib032
 
PDF
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
PPTX
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
PDF
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
PPTX
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
PPTX
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PDF
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
PPTX
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
Protecting Data in an AI Driven World - Cybersecurity in 2026
byYasir Naveed Riaz
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
Energy Storage Landscape Clean Energy Ministerial
bySurajitBanerjee38
 
The year in review - MarvelClient in 2025
bypanagenda
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
cybercrime in Information security .pptx
byismaeelsahib032
 
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
API-First Architecture in Financial Systems
bycyy111112
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 

Droidcon2013 pro guard, optimizer and obfuscator in the android sdk_eric lafortune_saikoa

  • 1.
    ProGuard Optimizer and Obfuscator inthe Android SDK Eric Lafortune Developer of ProGuard
  • 2.
    Eric Lafortune ● 1991 –1996 K.U.Leuven (Belgium), Phd Eng CompSci ● 1996 – 1999 Cornell University (Ithaca, NY) ● 1999 – 2011 Java GIS ● 2012 Founder Saikoa Maybe more importantly: ● 1982 TMS-9900 processor ● 1995 ARM2/ARM3 processor ● 2001 Java bytecode ● 2010 Dalvik bytecode
  • 3.
  • 4.
    ProGuard history Java applications Applets 2002 Midlets 20102012 Android apps ● May 2002 First release ● Sep 2010 Recommended for protecting LVL ● Dec 2010 Part of Android SDK ● Jan 2012 Startup Saikoa
  • 5.
    Why use ProGuard? ● Applicationsize ● Performance ● Remove logging, debugging, testing code ● Battery life ● Protection
  • 6.
    Application size classes.dex size.apk size Without ProGuard With ProGuard Reduction Without ProGuard With ProGuard Reduction ApiDemos 716 K 482 K 33 % 2.6 M 2.5 M 4 % GoogleIO App 3.4 M 905 K 75 % 1.9 M 906 K 53 % ApiDemos in Scala* ~6 M 542 K ~90 % ~8 M 2.5 M ~70 % * [Stéphane Micheloud, http://lampwww.epfl.ch/~michelou/android/library-code-shrinking.html]
  • 7.
    Performance: CaffeineMark Without ProGuard Sievescore = 6833 Loop score = 14831 Logic score = 19038 String score = 7694 Float score = 6425 Method score = 4850 Overall score = 8794 With ProGuard Sieve score = 6666 Loop score = 15473 Logic score = 47840 String score = 7717 Float score = 6488 Method score = 5229 Overall score = 10436 Improvement: 18% [Acer Iconia Tab A500, nVidia Tegra 2, 1.0 GHz, Android 3.2.1]
  • 8.
    Battery life Extreme example: “5x better battery life, by removing verbose logging code in a background service” (but don't count on it)
  • 9.
    How to enableProGuard? project.properties: → only applied when building release versions # To enable ProGuard to shrink and obfuscate your code, uncomment this #proguard.config= ${sdk.dir}/tools/proguard/proguard-android.txt: proguard-project.txt Tip
  • 10.
  • 11.
  • 12.
    Entry points 1) Activities,applications, services, fragments,... → provided automatically by Android build process -keep public class * extends android.app.Activity -keep public class * extends android.app.Application -keep public class * extends android.app.Service …
  • 13.
    Entry points 2) Introspection,e.g. Guice, RoboGuice → must be specified in proguard-project.txt: -keepclassmembers class * { @javax.inject.** <fields>; @com.google.inject.** <fields>; @roboguice.** <fields>; @roboguice.event.Observes <methods>; } Tip
  • 14.
    Notes and warnings “Closed-worldassumption” → if debug build works fine, then ok to ignore in proguard-project.txt: Warning: com.dropbox.client2.DropboxAPI: can't find referenced class org.json.simple.JSONArray -dontwarn twitter4j.internal.logging.** -dontwarn com.dropbox.client2.** Warning: twitter4j.internal.logging.Log4JLoggerFactory: can't find referenced class org.apache.log4j.Logger Warning: twitter4j.internal.logging.SLF4JLoggerFactory: can't find referenced class org.slf4j.LoggerFactory ... Tip
  • 15.
    Optimization At the bytecodeinstruction level: ● Dead code elimination ● Constant propagation ● Method inlining ● Class merging ● Remove logging code ● Peephole optimizations ● Devirtualization ● ...
  • 16.
    Optimization example int answer= computeAnswer(1, 2, 3, 7); int computeAnswer(int f1, int f2, int f3, int f4) { if (f2 == 1 && f3 == 1 && f4 == 1) { return f1; } else { return computeAnswer(f1 * f2, f3, f4, 1); } }
  • 17.
    Optimization example int answer= computeAnswer(1, 2, 3, 7); int computeAnswer(int f1, int f2, int f3, int f4) { if (f2 == 1 && f3 == 1 && f4 == 1) { return f1; } else { return computeAnswer(f1 * f2, f3, f4, 1); } } int computeAnswer(int f1, int f2, int f3, int f4) { do { if (f2 == 1 && f3 == 1 && f4 == 1) { return f1; } else { f1 = f1 * f2; f2 = f3, f3 = f4, f4 = 1; } } while (true); }
  • 18.
    Optimization example int answer= computeAnswer(1, 2, 3, 7); int computeAnswer(int f1, int f2, int f3, int f4) { if (f2 == 1 && f3 == 1 && f4 == 1) { return f1; } else { return computeAnswer(f1 * f2, f3, f4, 1); } } int computeAnswer(int f1, int f2, int f3, int f4) { do { if (f2 == 1 && f3 == 1 && f4 == 1) { return f1; } else { f1 = f1 * f2; f2 = f3, f3 = f4, f4 = 1; } } while (true); } 1 2 3 7
  • 19.
    Optimization example int answer= computeAnswer(1, 2, 3, 7); int computeAnswer(int f1, int f2, int f3, int f4) { if (f2 == 1 && f3 == 1 && f4 == 1) { return f1; } else { return computeAnswer(f1 * f2, f3, f4, 1); } } int computeAnswer(int f1, int f2, int f3, int f4) { do { if (f2 == 1 && f3 == 1 && f4 == 1) { return f1; } else { f1 = f1 * f2; f2 = f3, f3 = f4, f4 = 1; } } while (true); } int computeAnswer() { return 42; }
  • 20.
    Optimization example int answer= computeAnswer(1, 2, 3, 7); int computeAnswer(int f1, int f2, int f3, int f4) { if (f2 == 1 && f3 == 1 && f4 == 1) { return f1; } else { return computeAnswer(f1 * f2, f3, f4, 1); } } int computeAnswer(int f1, int f2, int f3, int f4) { do { if (f2 == 1 && f3 == 1 && f4 == 1) { return f1; } else { f1 = f1 * f2; f2 = f3, f3 = f4, f4 = 1; } } while (true); } int computeAnswer() { return 42; } int answer = 42;
  • 21.
    How to enableoptimization? project.properties: # To enable ProGuard to shrink and obfuscate your code, uncomment this proguard.config= ${sdk.dir}/tools/proguard/proguard-android-optimize.txt: proguard-project.txt Tip
  • 22.
    Remove logging code Specifyassumptions in proguard-project.txt: -assumenosideeffects class android.util.Log { public static boolean isLoggable(java.lang.String, int); public static int v(...); public static int i(...); public static int w(...); public static int d(...); public static int e(...); public static java.lang.String getStackTraceString (java.lang.Throwable); } Tip
  • 23.
    Obfuscation Traditional name obfuscation: ● Renameidentifiers: class/field/method names ● Remove debug information: line numbers, local variable names,...
  • 24.
    Obfuscation public class MyComputationClass{ private MySettings settings; private MyAlgorithm algorithm; private int answer; public int computeAnswer(int input) { … return answer; } }
  • 25.
    Obfuscation public class MyComputationClass{ private MySettings settings; private MyAlgorithm algorithm; private int answer; public int computeAnswer(int input) { … return answer; } } public class a { private b a; private c b; private int c; public int a(int a) { … return c; } }
  • 26.
  • 27.
    ProGuard guide –Android SDK developer.android.comdeveloper.android.com
  • 28.
  • 29.
  • 30.
  • 31.
    ProGuard - DexGuard Opensource Generic Shrinker Optimizer Obfuscator For Java bytecode Closed source Specialized Shrinker Optimizer Obfuscator Protector For Android Compatible
  • 32.
    Hacking and cracking ● Anti-malwareresearch ● Reverse-engineering protocols, formats,... ● Fun ● Translation ● Game cheating ● Software piracy ● Remove ads ● Different ads ● Different market ● Extract assets ● Extract API keys ● Insert malware ● Extorsion ● ...
  • 33.
    Solutions? ● Ignore it ● Different businessmodel (open source, service) ● Regular updates ● Lock down device ● Server ● Remove motivations ● Obfuscation, application protection
  • 34.
    More application protection Nothingis unbreakable, but you can raise the bar: ● Reflection ● String encryption ● Class encryption ● Resource obfuscation ● Tamper detection ● Debug detection ● Emulator detection ● … → Automatically applied by DexGuard
  • 35.
    DexGuard strategy ● Tight integration ● Multiplelayers ● Unique protection for every application ● Follow up
  • 36.
    DexGuard reactions “My appusually gets pirated after a few hours, but now it hasn't been pirated after several weeks, thanks to DexGuard!” “Installation was simple.” “The support is fantastic.” “I'm enjoying DexGuard.” “Support from Saikoa is awesome!” “You're doing an awesome job!”
  • 37.
  • 38.