Android app confusion in-depth analysis – layer by layer analysis to solve the pain points in development

preface

Obfuscating the code before the application is released makes our code hard to read even when decompiled; Many people do not know how to set up confusion, which do not need to be confused, that to the old iron people, can be directly used knowledge points.

Android OkHttp network architecture source code in-depth analysis (uncover the mysterious veil)

The configuration of the AS is confused

In AS, you can configure the proGuard-rules. pro file to encrypt the generated APK and JAR. In addition, you need to configure the build.gradle under the app in the project to enable the obtrude function.

Item configuration in AS is confused

Gradle code is as follows

BuildTypes {debug {minifyEnabled false // confuse zipAlignEnabled true // Zipalign optimizes shrinkResources true // Delete resource file proguardFiles getDefaultProguardFile(' proGuard-android.txt ') 'proguard-rules.pro' // load the default obfuscation configuration file signingConfig signingConfigs.debug // signature} Release {minifyEnabled true // obfuscation Zipalign optimizes shrinkResources true // Remove useless resource files proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro' // load default obfuscation configuration file signingConfig signingConfigs.relealse // signature}}Copy the code

The rules

Obfuscation renames classes, variables, and methods with meaningless short variables, but some external references find corresponding methods and classes by name. If the method and class cannot be found, an exception will be reported. So there are situations where you can’t get confused.

1. Custom controls do not obfuscate
2. Enumeration classes are not confused
3. Reflection classes do not do obfuscation
4. Entity classes are not confused
5. Java method called by JS
6. The four components are not to be confused
7. There is no confusion in calling classes in JNI
8. Layout Used by the LayoutViewConstructor,android:onClickEtc.
9. ParcelableA subclass of andCreatorStatic member variables are not confused

Obfuscating file contents

Basic obfuscation instruction

# OptimizationPasses 5 # OptimizationPasses 0 ~ 7 Obfuscated class called lowercase - dontusemixedcaseclassnames # specified not to ignore the public library classes - dontskipnonpubliclibraryclasses # specified not to ignore the members of the public library - no do preverification dontskipnonpubliclibraryclassmembers # confusion - no logging dontpreverify # confusion - verbose # # ignore the warning - ignorewarning code optimization - Dontshrink # do not optimize input class files -dontoptimize # Keep annotations without obfuscating - KeepAttributes *Annotation*,InnerClasses # Avoid obfuscating generics - keepAttributes Signature # reservation code line number, convenient exception information tracking - keepattributes SourceFile, LineNumberTable # confuse the algorithm - optimizations. code/simplification/cast,! field/*,! Class /merging/* # seeds. TXT lists the internal structure of all classes within the APK package TXT file lists the code deleted from the APK - printUsage unused. TXT # mapping. TXT file lists the mappings before and after the confusion -printmapping mapping.txtCopy the code

Android classes that don’t need to be confused

Support Design library, all classes under Support and their inner classes, Android classes

-keep public class * extends android.app.Fragment -keep public class * extends android.app.Activity -keep public class *  extends android.app.Application -keep public class * extends android.app.Service -keep public class * extends android.content.BroadcastReceiver -keep public class * extends android.preference.Preference -keep public class * extends android.content.ContentProvider -keep public class * extends android.app.backup.BackupAgentHelper -keep public class * extends android.preference.Preference -keep public class * extends android.view.View -keep public class com.android.vending.licensing.ILicensingService -keep class android.support.** {*; } -dontwarn android.support.** -keep interface android.support.** { *; } -keep class androidx.** {*; } -keep interface androidx.** {*; } -keep public class * extends androidx.** -dontwarn androidx.** -dontwarn android.support.design.** -keep class android.support.design.** { *; } -keep interface android.support.design.** { *; } -keep public class android.support.design.R$* { *; } -keep class com.google.android.material.** {*; } -dontwarn com.google.android.material.** -dontnote com.google.android.material.**Copy the code

Avoid confusing the get/set methods and constructors of custom control classes

-keep public class * extends android.view.View{
    *** get*();
    void set*(***);
    public <init>(android.content.Context);
    public <init>(android.content.Context, android.util.AttributeSet);
    public <init>(android.content.Context, android.util.AttributeSet, int);
}
Copy the code

Disabling Log

-assumenosideeffects class android.util.Log { public static boolean isLoggable(java.lang.String, int); public static int v(...) ; public static int i(...) ; public static int w(...) ; public static int d(...) ; public static int e(...) ; }Copy the code

Avoid resource confusion

-keep class **.R$* {*; }Copy the code

Avoid the onclick method in layout

-keepclassmembers class * extends android.app.Activity{
    public void *(android.view.View);
}
Copy the code

Avoid confusing enumeration classes

-keepclassmembers enum * {
    public static **[] values();
    public static ** valueOf(java.lang.String);
}
Copy the code

The Natvie method is not confused

-keepclasseswithmembernames class * {
    native <methods>;
}
Copy the code

Avoid confusion between Parcelable and Serializable interfaces

-keep class * implements android.os.Parcelable { public static final android.os.Parcelable$Creator *; } -keepclassmembers class * implements java.io.Serializable { static final long serialVersionUID; private static final java.io.ObjectStreamField[] serialPersistentFields; ! static ! transient <fields>; private void writeObject(java.io.ObjectOutputStream); private void readObject(java.io.ObjectInputStream); java.lang.Object writeReplace(); java.lang.Object readResolve(); }Copy the code

WebView confuses the configuration

-keepclassmembers class fqcn.of.javascript.interface.for.webview { public *; } -keepclassmembers class * extends android.webkit.webViewClient { public void *(android.webkit.WebView, java.lang.String, android.graphics.Bitmap); public boolean *(android.webkit.WebView, java.lang.String); } -keepclassmembers class * extends android.webkit.webViewClient { public void *(android.webkit.webView, jav.lang.String); } -keep public class {public *; } -keepattributes JavascriptInterfaceCopy the code

The network framework OkHttp3 confuses the configuration

-dontwarn com.squareup.okhttp3.** -keep class com.squareup.okhttp3.** { *; } -dontwarn okio.**Copy the code

To learn more about Android development, be sure to subscribe. Thanks

Done. Comments on questions

Public number [Android development and programming]