1. 技术文章
  2. Android Proguard - is it best practice to -keep all 3rd party libs?

Android Proguard - is it best practice to -keep all 3rd party libs?

你离开我真会死。 提交于 2019-12-04 11:00:06
ben75

The major problem with proguard and code obfuscation in general is that classname, methods and fields name are modified. ( i.e. myExplicitMethodName() became a() )

When a classname, method name or a field is modified, you cannot access it using the reflection API (i.e. Class.classForName(...) , ... )

Knowing that, it's a best practice to -keep all classes and libraries that can be invoked using the reflection API.

For 3rd party libraries, if you don't know if they use or not the reflection API : then -keep

For your own code: hopefully, you know in which classes you use it. So use -keep for those classes.

Note that some popular framework like dagger or jackson use the reflection API on your own classes, so if you use them, be careful!

The fewer -keep options you can use, the better your results will be, in terms of optimization and obfuscation. If you don't have the time to find an optimal configuration, you can take a more conservative approach. The most conservative solution is to preserve all classes, fields, and methods in the library, so any internal reflection will continue to work:

-keep class 3rd_party_lib_name.** {*;}

Slightly less conservative, but typically sufficient: preserve all public API:

-keep public class 3rd_party_lib_name.** {
    public *;
}

Even less conservative: only preserve public classes, but not necessarily their fields or methods:

-keep public class 3rd_party_lib_name.**

Some experimentation can go along way.

As ben75 mentions, this doesn't account for third party libraries performing reflection on your own code.

标签
android
proguard
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!