Hey guys, I would like to hear your opinion/thoughts regarding obfuscation and proguard. Personally I always obfuscate my code prior releasing any app and I have seen that the majority of apps do not do that. Is that due to lack of knowledge or is it just a choice of the developer?
I had looked through products like progaurd/allatori but the steps were tedious. if possible some very simple way to obfuscate the code. With policy changes and apps becoming popular, I think I need to add it.
I was curious why people do not bother. It is very easy to just see your code if you do not obfuscate, and usually you need time to develop a good app or create some custom components. Why you do not use the tools provided and take some precautions for your work…
But what is the simplest way to do it??
I have not done it due to lack of some simple automatic way.
just put some text in proguard.cfg… It’s very simple, but it needs changes when e.g. there is new SDK of some ad networks etc.
Sometimes it’s really hard to find the right proguard settings for ad network’s sdks and any other sdks you might be using. One of the main reasons I don’t use proguard is because even if you save the retrace files for debugging error reports from google play; all it will give you is what class caused the error and not which line number. I even tried the preserve line numbers option in the proguard config file, but it didn’t work. On top of alk this I’ve heard some people say the optimization can cause crashes in some cases. Then even if you do obfuscate it’s not going to stop an experienced programmer from stealing your code.
Not exactly… Proguard creates file named sth like mapping.txt. On GP crashed you got e.g. crash at a.a:28 . It means that you have to see what is a.a (it is the name of the function) and 28 is the line. So you can localize it as I remember…
If you have good proguard configuration you won’t get crashes, but it is sometimes hard to write one;) specially with ad networks SDKs
I will only obfuscate to avoid that new patent banning me because of using similar code in multiple apps. If Google can still see the source code/layouts/buttons/styles then there is no benefit I see. @XdebugX, do you think google will take care of obfuscation when implementing that patent?
Hey @XdebugX and @javaexp, as @mmmkkksss said it’s just a few lines of code. However yes some times it gets really difficult. I remember one time that an error that was driving me crazy was fixed by changing optimisation passes from 7 to 5! Ad networks should provide all necessary information for using their network with proguard. However you should not be experienced developer to see the code. it is so easy, and I know a lot of people in the community do it… Personally when I like an app I just have a look in its code to see what is going on with that app…I think developers should be more aware about that…
anyone can see the resources of an app. You just rename it and unzip to see the res folder…
How about code. I think obfuscation makes class names as a.java, ab.java, d.java etc. Can that also be recreated?
no code will be obfuscated (if you use proguard) except from classes explicitly stated in proguard file.
This is a good thread. I’m a new developer, and I’ve never heard of obfuscating a code. I am very interested in learning more about this.
I’ve used the retrace tool with the mappings file and it did give me the class and method names, but no line numbers. I’ve even tried it with the preserve line numbers option in the proguard config, but couldn’t get it to work.
I think it will be pretty easy for google to filter out open source and shared code. They won’t care about you reusing code in your own multiple apps.
If google decides to ban developers’ apps that share the same code base/snippets the play store will be empty. Almost every developer practices this. From game sequels to app versions to layouts, to settings/splash screen etc and of course, clones.
Also, I don’t think using pro guard will save you from almighty google
I’ve always skipped obfuscation. I thought it was too much work. But it actually very simply. It can be as simple as uncommenting a line.
I just use admob now so it’s quite easy to find how to set proguard for it by looking on the internet. It must be useful if you don’t want people to copy your code and just change your ad-id.
won’t that result in one developer publishing his own apps multiple times by making only incremental changes. we never know what’s upon us.
They wanna kill clones too. Just using the word “piracy” to trick us
“Google is designing a new system that could help keep pirated apps out of Google Play. By scanning each app as it is submitted and comparing its assets against those used in other apps, the search giant could detect illegal clones before they make their way into users’ hands.”
“When a developer uploads an app to Google, a system would compare all of its assets — including its audio and image files, executable code, and data files — with those already known to Google (i.e., those already uploaded to Google Play). If a certain number of those assets match those used in other apps, then it’s automatically flagged for manual review.”