R8: Protect Android App Against Reverse Engineering

Protection Tools for Android Apps

Android Studio offers 2 tools for protecting an app's code.

  1. ProGuard:
     A. An open-source tool for obfuscating Android code
     B. Superseded by R8
     C. Used with Android Studio Gradle plugin versions 3.4.0 or below
  2. R8:
     A. The newer tool that replaces ProGuard
     B. Developed by Google
     C. Best compatibility with Kotlin

What is R8?

R8 is the tool that optimizes your app for release in the following ways:

  1. Converts Java bytecode into optimized DEX code.
  2. Removes unused classes, functions and fields from the app.
  3. Minifies the code.
  4. Removes unused resources.
  5. Optimizes the code itself.
  6. Obfuscates your code.
  7. Uses ProGuard rules to modify its default behavior.

R8 Comparison with ProGuard

  1. R8 is used by default with Gradle plugin 3.4.0 or above.
  2. R8 uses ProGuard rules.
  3. ProGuard reduces the app size by 8.5%.
  4. R8 reduces the app size by 10%.
  5. R8 has more Kotlin support than ProGuard.
  6. R8 gives better output than ProGuard and does so faster, which reduces overall build time.

ProGuard Working Process

  1. With ProGuard, the application's code is converted to Java bytecode by the Java compiler. ProGuard then optimizes that bytecode using the rules we have written, and dex converts the result to optimized Dalvik bytecode.
  2. This is roughly a 4-step process to convert the code to Dalvik bytecode.

R8 Working Process

  1. With R8, the app's code is first converted to Java bytecode by the Java compiler, and R8 then converts the Java bytecode directly into Dalvik bytecode.

How to enable R8 in Android Studio Gradle file

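To enable R8 in an Android Studio app, add the following lines to the module-level Gradle file:

    buildTypes {
        release {
            // Turn on R8 code shrinking, optimization and obfuscation
            minifyEnabled true
            // Remove unused resources
            shrinkResources true
            // Default Android rules plus the project's own rules file
            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
        }
    }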

How to Avoid Obfuscation of Any Class

To prevent a class, such as a data class, from being obfuscated, there are 2 ways:

  1. Add the @Keep annotation when declaring the class:

         @Keep class <classname> {}

  2. Add the class name to the "proguard-rules.pro" file:

     A. For a single class

         -keep public class <classname>

     B. For a single interface

         -keep public interface <interfacename>

     C. For classes in a package

         -keep class <package name>.** { *; }

     D. For interfaces in a package

         -keep interface <package name>.** { *; }
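Every class matched by a keep rule ships with its original name, so a package-wide rule can leave more readable code in the release build than intended. The Python script below is an added example, not part of the original article: it reads the mapping.txt that R8 writes for a minified build and lists the app's classes that were not renamed. The sample mapping, the com.example.app package and all class names in it are constructed for illustration.

```python
import re

# A class line in an R8/ProGuard mapping file reads "original.Name -> new.name:".
# Member lines are indented and comment lines start with '#', so neither matches.
CLASS_LINE = re.compile(r"^(?P<orig>[^\s#]\S*) -> (?P<new>\S+):\s*$")

def parse_class_mappings(mapping_text):
    """Return {original_class_name: name_in_release_build}."""
    classes = {}
    for line in mapping_text.splitlines():
        match = CLASS_LINE.match(line)
        if match:
            classes[match.group("orig")] = match.group("new")
    return classes

def unobfuscated_classes(mapping_text, package_prefix):
    """List classes under package_prefix whose names R8 left unchanged."""
    return sorted(
        orig
        for orig, new in parse_class_mappings(mapping_text).items()
        if orig.startswith(package_prefix) and orig == new
    )

def renamed_ratio(mapping_text, package_prefix):
    """Fraction of classes under package_prefix that were renamed."""
    own = {o: n for o, n in parse_class_mappings(mapping_text).items()
           if o.startswith(package_prefix)}
    if not own:
        return 0.0
    return sum(1 for o, n in own.items() if o != n) / len(own)

# Constructed sample in the mapping.txt layout; every class name is hypothetical.
SAMPLE_MAPPING = """\
# compiler: R8
com.example.app.MainActivity -> com.example.app.MainActivity:
    void onCreate(android.os.Bundle) -> onCreate
com.example.app.model.User -> com.example.app.model.User:
    java.lang.String name -> name
com.example.app.crypto.TokenSigner -> a.b:
    byte[] sign(byte[]) -> a
com.example.app.net.ApiClient -> a.c:
    1:3:void connect():12:14 -> a
androidx.core.app.ActivityCompat -> androidx.core.app.ActivityCompat:
"""

if __name__ == "__main__":
    for name in unobfuscated_classes(SAMPLE_MAPPING, "com.example.app."):
        print("kept with original name:", name)
```

Run against a real build, the list should contain only the classes you deliberately kept; anything else points to a keep rule that is broader than it needs to be.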

Thank You For Reading my Article

Assoc. Prof. , DCA & Addl. Head (SD), SDFS, at KIET, M. Tech (CS), PhD (CS) My Blogs: http://blackhatkoders.blogspot.com, My YouTube Channel: Dr. Vipin Classes