[This place is by Dan Galpin, an Android Developer Advocate specializing in games and comics. Tim Bray]
The Securing Android LVL Applications journal place makes it country that an Android developer should ingest an obfuscation agency much as Proguard in visit to hold safeguard their applications when using License Server. Of course, this does inform another question. How should digit integrate much a agency with the Android physique process? Were specifically going to detail desegregation Proguard in this post.
Before you Begin
You must be running the latest edition of the Android SDK Tools (at least v7). The new Ant physique rules enter included with v7 contains hooks to hold user-created pre and place attain steps in visit to attain it easier to integrate tools much as Proguard into an Android build. It also integrates a single rules enter for building against all versions of the Android SDK.
Adding an Optimization Step to build.xml
First, youll hit to intend Proguard if you dont ease hit it.
If youve been using Eclipse to do your development, youll hit to alter to using the bidding line. Android builds are done using Athapascan Ant. A edition of Ant ships along with Eclipse, but I propose instalment your possess version.
The Android SDK crapper physique you a official build.xml file. Here is how its done:
android update send --path ./MyAndroidAppProjectIf all entireness well, youll hit a shiny new build.xml enter sitting in your path. Lets essay doing a build.
ant releaseYou should modify up with an unsigned promulgation build. The command-line tools crapper also sign your physique for you. Youll attending that the robot agency created a local.properties enter in your directory. It module allow the sdk.dir property. You crapper hit it attain you a signed physique by adding the positioning of your keystore and alias to this file.
key.store=/Path/to/my/keystore/MyKeystore.kskey.alias=myaliasSo, today you hit a signed physique from the bidding line, but ease no obfuscated build. To attain things easy, youre going to poverty to intend two helper files: add-proguard-release.xml and procfg.txt.
Copy these files into your root directory (where the build.xml enter sits). To add Proguard to your build, you prototypal requirement to edit your topical properties enter to add the positioning of the directory that Proguard is installed in:
proguard.dir=/Directory/Proguard/Is/Installed/InFinally... you requirement to add our playscript to your physique enter and hit it override a few targets. To do this, we ingest the XML entity construct. At the crowning of your build.xml file, add an entity that references our playscript file:
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE send [ <!ENTITY add-proguard-release SYSTEM "add-proguard-release.xml">]>Youre not done yet. Somewhere within the send tag add the meaning to our entity to allow our script.
<project name="MyProjectName" default="help">&add-proguard-release;Thats it! In many cases, calling
ant releaseWill provide you an obfuscated build. Now test and attain trusty that it hasnt broken anything.
But Wait, My App is Crashing Now
Most crashes hap because Proguard has obfuscated absent something that your covering needs, much as a class that is referenced in the AndroidManifest or within a layout, or perhaps something titled from JNI or reflection. The Proguard plan provided here tries to refrain obfuscating most of these cases, but its ease doable that in edge cases youll modify up seeing something like a ClassNotFoundException.
You crapper attain edits to the procfg.txt enter to ready classes that hit been obfuscated away. Adding:
-keep open class * [my classname]should help. For more information about how to preclude Proguard from obfuscating specific things, wager the Proguard manual. Specifically, the ready section. In the welfare of security, essay to ready as lowercase of your covering unobfuscated as possible.
The accepted settings provided in procfg.txt module be good for many applications, and module grownup many ordinary cases, but they are by no effectuation comprehensive. One of the things that weve done is had Proguard create a bunch of production files in the obf directory to hold you debug these problems.
The mapping.txt enter explains how your classes hit been obfuscated. Youll poverty to attain trusty to ready this around once you hit submitted your physique to Market, as youll requirement this to read your stack traces.
Conclusion
Tools much as Proguard attain the binary of your covering harder to understand, and attain your covering slightly smaller and more efficient at the aforementioned time, at the cost of making it slightly more hard to debug problems in the field. For many applications, the tradeoff is more than worthwhile.
Thanks
basyar.com
Tidak ada komentar:
Posting Komentar