Questions About Proguard
Solution 1:
I can help with a couple of these.
Grabbing a string off your server is a mild defense, but then an attacker is going to see that URL and go grab the contents (or wireshark it). You've slowed the app down and tied the user to internet access for little to no gain. Proguard can't do this out of the box, if you really want to obfuscate your strings, Base64 encode them. It won't slow someone down much, but at least it's not obvious. More info: hiding strings in Obfuscated code
Dunno
Dunno
There are a number of classes and interfaces that need to have publicly visible names. Services, Activities, AIDL definitions are a few of them, but If you want a better idea, post the class/interface name and the classes it derives from/implements.
Solution 2:
Question 2. You can't have ProGuard rename those as they are part of the phone. You don't loose any obfuscation security with external classes not obfuscated. Attempting to make local copies that you include with your app will only lead you down a path of ruin, you want the versions that are on the phone.
Question 3. That is expected, and relates to question 4. Anything part of the package that contains your Activities (or other public entry points) needs to maintain that path.
So if you have packages:
com.mycompany.myapp.activities
Then the activities package must be fully retained because any activity classes will not be obfuscated. Also com.mycompay.myapp must be retain for any item referenced from XML so the system can correctly find your entry as defined in the manifest.
It sounds like ProGuard is working as it should be in your setup.
Post a Comment for "Questions About Proguard"