Getting Started with ProGuard

Nov 28 2018 , Kotlin 1.2, Android 4.4, Android Studio 3 Kotlin 1.2, Android 4.4, Android Studio 3

In this Android tutorial, you’ll learn how to strip down your app size by making use of ProGuard – an app shrinking and obfuscation tool. By Kolin Stürt.

Leave a rating/review
Download materials
Save for later
Share
Contents

Contents

Hide contents

Getting Started with ProGuard

30 mins

There’s been a recent increase in popularity of Internet of Things, DIY boards and entry-level devices. The consequence has been a step back from writing large apps in favor of smaller ones. ProGuard is here to help keep apps as small as can be.

Smaller apps download, install and run faster. This is important for business. The more time spent onboarding, the higher the chance the user is going to abandon your app and try something else.

In this tutorial, you’ll create a simple app which reveals details about sloths! You’ll learn how to strip down your app size by making use of ProGuard – an app shrinking and obfuscation tool. The optimizations that ProGuard performs translate to a certain level of obfuscation, which can add a minimal layer of security to help prevent reverse engineering or tampering with your app.

In the process, you’ll learn:

  • How to use the APK Analyzer
  • How to use ProGuard rules
  • How to debug a ProGuard’ed app

Note: This tutorial assumes that you’re already familiar with the basics of Android development and Android Studio. If Android development is new to you, first read through our Beginning Android Development and Kotlin for Android tutorials.

Note: This tutorial assumes that you’re already familiar with the basics of Android development and Android Studio. If Android development is new to you, first read through our Beginning Android Development and Kotlin for Android tutorials.

Getting Started

Download and unzip the materials for this tutorial using the Download Materials button at the top or bottom of this page. Open the starter project in Android Studio 3.1.4 or greater, then build and run to see the app you’ll be working with.

Starter project

Right now there’s a simple screen that lists the six species of sloths. The app doesn’t do very much. You’ll make it more exciting by adding the BubblePicker library. It presents items that float around the screen in bubbles. You’ll want to check your app size along the way. Luckily, there’s a tool for that. :]

Using the APK Analyzer

The APK Analyzer is a tool for inspecting your finalized app and what contributes to it’s size. It presents a view with a breakdown of your app’s file size. You can see what’s taking up the most space, as well as the total method and reference counts.

Launch the analyzer by selecting Build ▸ Analyze APK. It will open a dialog for your filesystem. If necessary, navigate to the debug folder SlothSanctuary-Starter/app/build/outputs/apk/debug. Select the app-debug.apk file and click OK to open the APK Analyzer. Note the file size of the current APK. You’ll use this tool several more times in this tutorial.

APK Analyzer

Note: There are many other tools that engineers use to analyze apps, such as JD-GUI, APKTool, and Jadx. Some of these tools help reverse engineers decompile the app back to its original code. Sometimes it’s done for fun, but often reverse engineering is done for theft of intellectual property or app cloning.

Note: There are many other tools that engineers use to analyze apps, such as JD-GUI, APKTool, and Jadx. Some of these tools help reverse engineers decompile the app back to its original code. Sometimes it’s done for fun, but often reverse engineering is done for theft of intellectual property or app cloning.

Adding the BubblePicker Library

Open the build.gradle file for the app module and add the following to the list of dependencies:

implementation 'com.github.igalata:Bubble-Picker:v0.2.4'

Perform a Gradle sync, then select Build ▸ Make Project. Once finished, run the APK Analyzer again. You’ll notice adding the dependency added a few megabytes to the APK file without even writing any code! You won’t be using every part of this library – this is where ProGuard comes in. ProGuard will do its job to remove all the code that is not accessed by the app.

Enabling ProGuard

Enabling ProGuard is simple! In the build.gradle file for the app module, replace the buildTypes code with the following:

buildTypes {
  release {
    minifyEnabled true
    proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
  }
  debug {
    minifyEnabled true
    proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
  }
}

Setting minifyEnabled to true enables ProGuard. ProGuard looks at the entry points of your app and maps out the code that the app can reach. It removes the rest, and replaces the names of classes and methods with shorter ones, making for a much smaller APK size! Be aware that using ProGuard results in slower build times.

Even so, ProGuard often mistakenly obfuscates and removes code that it thinks you’re not using, even when you are. You’ll need to test often that everything still works with ProGuard enabled as you go along. The earlier you find problems in the build, the easier it will be to fix them. :]

Sync Gradle, then build and run. Notice that there are already compiler errors:
Compiler warnings

The compiler errors include “Can’t find referenced class org.sl4j” and “Can’t find referenced class sun.misc.Unsafe”. The first way you’ll look to solving these ProGuard problems is through online research.

Head over to Bubble Picker library’s GitHub page to see if there’s any documentation about using the library with ProGuard. Sometimes the README page will have ProGuard information, but in this case it doesn’t. Next, select Issues.
GitHub site

In the search field, remove the is:open, add sl4j and press enter. Good luck – issue #61 looks like the same issue, with suggestions to add some “don’t warn” exceptions for ProGuard.
GitHub issues

Adding “Don’t Warn” Rules

“Don’t warn” rules tell Android Studio to ignore warnings. This can be dangerous, but if you know for sure that you’re not using a part of the code, it can come in handy. They work by specifying the package name. * is a wildcard – it doesn’t include sub-packages, whereas ** includes sub-packages. The rules for ProGuard go into the proguard-rules.pro file.

Add the following to the end of the proguard-rules.pro file to ignore warnings for the org.slf4j package:

-dontwarn org.slf4j.**

The next warnings that all refer to sun.misc.Unsafe. rx.internal are in reference to the RxJava library. Head over to the RxJava Github page and click on Issues. Replace is:open with sun.misc.Unsafe and press enter. You’ll see a few posts about the same issue. In this post, it states that sun.misc is never used so it’s safe to ignore. Add the following in the proguard-rules.pro file, right under the line you just added:

-dontwarn sun.misc.**

Select Build ▸ Make Project. Now it builds successfully!

Note: You may see suggestions for “-dontwarn *” floating around on forums, but it’s very bad practice. This means don’t warn “all”. It will fix irrelevant warnings, but will also ignore critical ones where something is actually wrong.

Note: You may see suggestions for “-dontwarn *” floating around on forums, but it’s very bad practice. This means don’t warn “all”. It will fix irrelevant warnings, but will also ignore critical ones where something is actually wrong.

Run your APK Analyzer again. You’ll notice the APK size is much smaller now. That’s because ProGuard has removed all of the code you’re not using. Now that your project builds, you can start to add in code to display the bubbles.