ProGuard is a tool that optimizes and obfuscates Android apps. It shrinks apps by removing unused code and renaming classes, fields, and methods. This results in smaller APK sizes and makes apps harder to reverse engineer. When using ProGuard, developers must carefully configure exclusion rules to prevent needed code from being removed. Mapping files generated during builds help map obfuscated code back to original names for debugging issues.

1. PROGUARD - ANDROID
By Bhavya Rattan

2. What is Proguard ?
ProGuard is a free Java class file shrinker, optimizer,
obfuscator, and preverifier. It detects and removes
unused classes, fields, methods, and attributes. It
optimizes bytecode and removes unused instructions.
It renames the remaining classes, fields, and methods
using short meaningless names.

3. Why Proguard ?
● The result is a smaller sized .apk file.
● Making programs and libraries harder to reverse-
engineer.
● Use it when your application utilizes features that
are sensitive to security like when you are
Licensing Your Applications.

4. Basic Funda
Difficult to reverse Engineer .apk +
Smaller Code

5. Implementation
Set
minifyEnabled
true in app’s
build.gradle for
buildType :
release
Point to ponder : The getDefaultProguardFile('proguard-android.txt') method obtains the default ProGuard settings from the
Android SDK tools/proguard/ folder. The proguard-android-optimize.txt file is also available in this Android SDK folder
with the same rules but with optimizations enabled. ProGuard optimizations perform analysis at the bytecode level, inside
and across methods to help make your app smaller and run faster.

6. Key Issues
faced while
configuration
It’s not that easy to implement
proguard in a real time project as
Android Developer guys say in
their guide.
Many situations are hard for
ProGuard to analyze correctly and it
might remove code that it thinks is
not used, but your application
actually needs. Some examples
include:
A class that is referenced only in the
AndroidManifest.xml file.
Methods used and referenced by
Third party libraries and jars.
Dynamically referenced fields and
methods.

7. The default ProGuard configuration file
tries to cover general cases, but you might
encounter exceptions such as :
ClassNotFoundException, which happens
when ProGuard strips away an entire class
that your application calls.
You can fix errors when ProGuard strips
away your code by adding a -keep line in
the ProGuard configuration file. For
example:
-keep public class <MyClass>
Some Quick Fixes

9. See what we got,
just checkout
proguard support
for retrofit and
modify your
proguard-rules.pro
accordingly.
Similarly you can resolve
proguard warnings for other third
party libraries in your project, in
case you get stuck.

14. My Project’s
Proguard file

15. Final Output….Yeah you did it, but let’s cross
check a few things !!!
Checkpoints :
● Ensure that mapping folder is generated at : Project →
app → build → outputs → mapping
● Mapping folder must contain a release folder with
following files :
○ dump.txt
○ mapping.txt
○ seeds.txt
○ usage.txt
Save the mapping.txt file for every release that you publish to
your users. By retaining a copy of the mapping.txt file for each
release build, you ensure that you can debug a problem if a user
encounters a bug and submits an obfuscated stack trace. A
project's mapping.txt file is overwritten every time you do a
release build, so you must be careful about saving the versions
that you need.

16. Decoding Obfuscated Stack Traces
When your obfuscated code outputs a stack trace, the method names are obfuscated, which
makes debugging hard, if not impossible. Fortunately, whenever ProGuard runs, it outputs a
mapping.txt file, which shows you the original class, method, and field names mapped to their
obfuscated names.
The retrace.bat script on Windows or the retrace.sh script on Linux or Mac OS X can convert an
obfuscated stack trace to a readable one. It is located in the <sdk_root>/tools/proguard/ directory.
The syntax for executing the retrace tool is:
For example:
If you do not specify a value for <stacktrace_file>, the retrace tool reads from standard input.
retrace.bat|retrace.sh [-verbose] mapping.txt [<stacktrace_file>]
retrace.bat -verbose mapping.txt obfuscated_trace.txt

17. Got stuck somewhere, here are
the quick links to help you out !!!
● https://stuff.mit.edu/afs/sipb/project/android
/sdk/android-sdk-
linux/tools/proguard/docs/index.html#manu
al/troubleshooting.html
● https://android.googlesource.com/platform/
sdk/+/android-4.1.2_r2/files/proguard-
android.txt
● http://omgitsmgp.com/2013/09/09/a-
conservative-guide-to-proguard-for-
android/
● https://gist.github.com/Jackgris/c4a71328b
1ae346cba04
● https://github.com/krschultz/android-

18. What we accomplished
➢Optimized apk that can’t be reverse engineered
➢.apk size without proguard : 21.46 MB
➢.apk size with proguard : 19.36 MB
➢Percentage reduction : 9.78 %
Apk links for verification of facts :
Treats Runner with proguard : https://www.distributeapps.com/droidapp/treats_runner_proguard-
3XpgZOedEQ5wyX1-10022016055650/home.php
Treats Runner without proguard : https://www.distributeapps.com/droidapp/treats_runner-nckroFY4ew6YwOU-
10022016060759/home.php