如何在 Android 中使用 Proguard 并保护应用程序的功能完整性?
我有一个使用下面的 Proguard 配置的 Ant 构建,它是由“android”命令行工具生成的,看起来非常简单。但是,当我使用此脚本构建应用程序时,应用程序在设备上执行时会崩溃,并出现一系列空指针异常(混淆过程以某种方式向代码添加错误)。为了修复该应用程序,我只需重建它,而不通过 Proguard 运行它。
您会向在 Android 应用程序中使用 Proguard 的人提供什么建议,以便 a) 应用程序得到合理程度的优化和混淆,但 b) 功能完整性不会受到损害?
-optimizationpasses 5
-dontusemixedcaseclassnames
-dontskipnonpubliclibraryclasses
-dontpreverify
-verbose
-optimizations !code/simplification/arithmetic,!field/*,!class/merging/*
-keep public class * extends android.app.Activity
-keep public class * extends android.app.Application
-keep public class * extends android.app.Service
-keep public class * extends android.content.BroadcastReceiver
-keep public class * extends android.content.ContentProvider
-keep public class * extends android.app.backup.BackupAgentHelper
-keep public class * extends android.preference.Preference
-keep public class com.android.vending.licensing.ILicensingService
-keepclasseswithmembernames class * {
native <methods>;
}
-keepclasseswithmembernames class * {
public <init>(android.content.Context, android.util.AttributeSet);
}
-keepclasseswithmembernames class * {
public <init>(android.content.Context, android.util.AttributeSet, int);
}
-keepclassmembers enum * {
public static **[] values();
public static ** valueOf(java.lang.String);
}
-keep class * implements android.os.Parcelable {
public static final android.os.Parcelable$Creator *;
}
I've an Ant build using the Proguard config below, which is that generated by the "android" command line tool, it seems pretty straightfoward. But when I build the app using this script, the app blows up when it's executed on the device, with a series of null pointer exceptions (the obfuscation process is somehow adding bugs to the code). To fix the app, I just rebuild it without running it through Proguard.
What advice would you offer to someone using Proguard with Android apps so that a) the app is optimised and obfuscated to a reasonable degree, but b) without the functional integrity being damaged?
-optimizationpasses 5
-dontusemixedcaseclassnames
-dontskipnonpubliclibraryclasses
-dontpreverify
-verbose
-optimizations !code/simplification/arithmetic,!field/*,!class/merging/*
-keep public class * extends android.app.Activity
-keep public class * extends android.app.Application
-keep public class * extends android.app.Service
-keep public class * extends android.content.BroadcastReceiver
-keep public class * extends android.content.ContentProvider
-keep public class * extends android.app.backup.BackupAgentHelper
-keep public class * extends android.preference.Preference
-keep public class com.android.vending.licensing.ILicensingService
-keepclasseswithmembernames class * {
native <methods>;
}
-keepclasseswithmembernames class * {
public <init>(android.content.Context, android.util.AttributeSet);
}
-keepclasseswithmembernames class * {
public <init>(android.content.Context, android.util.AttributeSet, int);
}
-keepclassmembers enum * {
public static **[] values();
public static ** valueOf(java.lang.String);
}
-keep class * implements android.os.Parcelable {
public static final android.os.Parcelable$Creator *;
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我已经找到了针对我遇到的具体案例的解决方案。我将记录该解决方案,因为我怀疑其他人可能会发现它有用。
我有两个类专门用于保存 JSON API 调用的有效负载。我没有从混淆中排除这些类,因此 GSON 解析器无法正确创建对象,因为类成员名称与 JSON 参数名称不匹配。
因此,这个故事的寓意是,当使用 GSON 或其他将 JSON 参数名称与类成员名称相匹配的工具反序列化 JSON 数据以创建对象时,请确保 Proguard 不会重命名它们。我看到的空引用异常是因为所有反序列化对象都是空白的。
我应该说我没有遇到 ClassNotFoundException,这是一个不同的问题,最初看起来非常莫名其妙的运行时错误,只是一个有趣的假设组合。
I've found the solution to the specific case I experienced. I'll document the solution as I suspect others may find it useful.
I have two classes that are used specifically to hold payloads to/from JSON API calls. I hadn't excluded those classes from the obfuscation, so the GSON parser was failing to create the objects correctly as the class member names did not match the JSON parameter names.
So the moral of this story is if that when deserialising JSON data to create objects using GSON or other tools that match JSON parameter names with class member names, make sure Proguard doesn't rename them. The null reference exceptions I was seeing were because all the deseralised objects were blank.
I should say I'm NOT experiencing ClassNotFoundException, this is a different issue, and what initially seemed like quite inexplicable runtime errors, was just an interesting combo of assumptions.
只需遵循配置 Pro-guard 部分中列出的规则即可。关键可能是对 xml 中的类的任何引用。因此,如果清单中有任何未在代码中明确使用的接收器或服务,它们可能会被 Proguard 删除。这还包括布局中的类,例如自定义视图等。
Just follow the rules listed in the Configuring Pro-guard section. The key is any reference to a class in xml probably. So if you have any Receivers or Services in your manifest that aren't explicitly used in the code, they may be being removed by Proguard. This also includes classes in your layouts, like Custom views, etc.