Obfuscation
Android Studio uses ProGuard for obfuscation, a tool for shrinking, optimizing, and obfuscating Java bytecode files.
- Functions: Shrinking, Optimizing, Obfuscation, Preverification.
- Advantages:
1. Delete the unused resources of the project to effectively reduce the apk size;
2. Delete useless classes, class members, methods and attributes. You can also delete useless comments and optimize byte code files to the maximum extent possible.
3. Rename existing classes, methods, attributes, etc. with short, meaningless names to make reverse engineering more difficult.
Configuration
buildTypes {
    release {
        // true - enable obfuscation
        minifyEnabled true
        // true - enable resource shrinking
        shrinkResources true
        // Paths of the ProGuard rule files
        proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro', '../libModule/proguard-rules.pro'
    }
}
- proguard-android.txt: the default obfuscation file provided by the system. It contains the most basic obfuscation rules for Android, is located under the ../sdk/tools/proguard/ directory, and generally does not need to be changed;
- proguard-rules.pro: the rules file that we need to configure ourselves;
- If you want to configure obfuscation files for multiple modules, you only need to append a comma and the path of each additional obfuscation file.
Basic Obfuscation Configuration
# Code obfuscation compression level (number of optimization passes), between 0 and 7, defaults to 5, generally left unchanged
-optimizationpasses 5
# Do not use mixed-case class names; class names after obfuscation are lowercase
-dontusemixedcaseclassnames
# Do not skip non-public library classes
-dontskipnonpubliclibraryclasses
# Do not skip non-public library class members
-dontskipnonpubliclibraryclassmembers
# With this line, obfuscating the project produces a mapping file
# containing the mapping: class name -> obfuscated class name
-verbose
# No preverification. Preverification is one of ProGuard's four steps; Android does not need it, and removing this step speeds up obfuscation.
-dontpreverify
# Keep annotations unobfuscated; this is important when mapping JSON entities, for example with fastJson
-keepattributes *Annotation*,InnerClasses
# Avoid obfuscating generics
-keepattributes Signature
# Keep line numbers when throwing exceptions
-keepattributes SourceFile,LineNumberTable
# Specifies the algorithm used for obfuscation; the argument that follows is a filter
# This filter is the one recommended by Google and is generally left unchanged
-optimizations !code/simplification/cast,!field/*,!class/merging/*
# Ignore warnings
-ignorewarnings
# Allow the access scope of classes and class members to be changed
-allowaccessmodification
# Also obfuscate the method names in obfuscated classes
-useuniqueclassmembernames
# Record the internal structure of all classes in the APK
-dump class_files.txt
# Classes and members that were not obfuscated
-printseeds seeds.txt
# List code removed from apk
-printusage unused.txt
# Mapping of names before and after obfuscation
-printmapping mapping.txt
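The mapping.txt written by -printmapping, combined with the line numbers preserved by -keepattributes SourceFile,LineNumberTable, is what makes a crash trace from an obfuscated release build readable again. The sketch below is an added example, not code from the original page and not ProGuard's own retrace tool; the sample mapping, the stack frames and the function names are constructed for illustration, and it handles only the basic "first:last:type name(args) -> obfuscated" member syntax.

```python
import re

# Constructed sample in the format written by -printmapping (not from a real build).
# Two methods share the obfuscated name "a"; only the line range tells them apart.
SAMPLE_MAPPING = """\
com.example.app.LoginActivity -> com.example.app.a:
    java.lang.String token -> a
    12:15:void checkPin(java.lang.String) -> a
    20:22:boolean verify(java.lang.String) -> a
com.example.app.net.ApiClient -> com.example.app.b:
    31:40:void send(byte[]) -> a
"""

CLASS_RE = re.compile(r"^(\S+) -> (\S+):$")
METHOD_RE = re.compile(r"^\s+(?:(\d+):(\d+):)?\S+ ([\w$<>]+)\(.*\) -> (\S+)$")
FRAME_RE = re.compile(r"at ([\w.$]+)\.([\w$<>]+)\([^:)]*:(\d+)\)")

def parse_mapping(text):
    """Return {obf_class: (orig_class, {obf_method: [(first, last, orig_method)]})}."""
    classes, current = {}, None
    for line in text.splitlines():
        m = CLASS_RE.match(line)
        if m:
            current = {}
            classes[m.group(2)] = (m.group(1), current)
            continue
        m = METHOD_RE.match(line)  # field lines have no "(...)" and are skipped
        if m and current is not None:
            first, last, orig, obf = m.groups()
            span = (int(first), int(last)) if first else (0, 0)
            current.setdefault(obf, []).append((*span, orig))
    return classes

def retrace_frame(frame, classes):
    """Translate one 'at pkg.a.a(SourceFile:13)' frame back to original names."""
    m = FRAME_RE.search(frame)
    if not m or m.group(1) not in classes:
        return frame  # class was kept (not renamed) or is not in this mapping
    obf_method, line = m.group(2), int(m.group(3))
    orig_class, methods = classes[m.group(1)]
    for first, last, orig in methods.get(obf_method, []):
        if first <= line <= last:
            return f"at {orig_class}.{orig}:{line}"
    # Without a matching line range the method cannot be disambiguated.
    return f"at {orig_class}.{obf_method}:{line}"
```

Archive the mapping.txt of every release privately alongside the build: anyone who holds it can undo the renaming.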
What should not be obfuscated
- 1. Elements used via reflection must keep the same class name, method name and attribute name, otherwise reflection will have problems.
- 2. It is best not to obfuscate some beans
- 3. The four components must not be obfuscated. The four components must be declared in the manifest, and their class names would change after obfuscation, which does not conform to the registration mechanism of the four components.
-keep public class * extends android.app.Activity
-keep public class * extends android.app.Application
-keep public class * extends android.app.Service
-keep public class * extends android.content.BroadcastReceiver
-keep public class * extends android.content.ContentProvider
-keep public class * extends android.app.backup.BackupAgent
-keep public class * extends android.preference.Preference
-keep public class * extends android.support.v4.app.Fragment
-keep public class * extends android.app.Fragment
-keep public class * extends android.view.View
-keep public class com.android.vending.licensing.ILicensingService
- 4. Annotations must not be obfuscated. In many scenarios annotations are used to reflect on elements at runtime.
-keepattributes *Annotation*
- 5. The values and valueOf methods of enumerations must not be obfuscated, because they are added to the code statically and are also used via reflection. Using enumerations adds many methods, increases the number of methods in the package, and increases the size of the dex.
-keepclassmembers enum * {
public static **[] values();
public static ** valueOf(java.lang.String);
}
- 6. When JNI calls Java methods, the method is located through an address formed from the class name and the method name.
- 7. Java uses native methods, which are written in C/C++ and cannot be obfuscated together with the Java code.
-keepclasseswithmembernames class * {
native <methods>;
}
- 8. JS Calls Java Methods
-keepattributes *JavascriptInterface*
- 9. JavaScript calls in WebView should not be obfuscated
Note: check which package name the class referenced by the WebView is under.
-keepclassmembers class fqcn.of.javascript.interface.for.webview {
    public *;
}
-keepclassmembers class * extends android.webkit.WebViewClient {
    public void *(android.webkit.WebView, java.lang.String, android.graphics.Bitmap);
    public boolean *(android.webkit.WebView, java.lang.String);
}
-keepclassmembers class * extends android.webkit.WebViewClient {
    public void *(android.webkit.WebView, java.lang.String);
}
- 10. Third-party libraries may recommend their own obfuscation rules
- 11. Subclasses of Parcelable and their static Creator member variable must not be obfuscated, otherwise an android.os.BadParcelableException will occur.
Deserialization of classes implementing the Serializable interface:
-keep class * implements android.os.Parcelable {
    public static final android.os.Parcelable$Creator *;
}
-keep class * implements java.io.Serializable {
    public *;
}
-keepclassmembers class * implements java.io.Serializable {
    static final long serialVersionUID;
    private static final java.io.ObjectStreamField[] serialPersistentFields;
    !static !transient <fields>;
    private void writeObject(java.io.ObjectOutputStream);
    private void readObject(java.io.ObjectInputStream);
    java.lang.Object writeReplace();
    java.lang.Object readResolve();
}
- 12. Gson's serialization and deserialization essentially parse classes using reflection
-keep class com.google.gson.** {*;}
-keep class sun.misc.Unsafe {*;}
-keep class com.google.gson.stream.** {*;}
-keep class com.google.gson.examples.android.model.** {*;}
-keep class com.google.** {
    <fields>;
    <methods>;
}
-dontwarn com.google.gson.**