1

Is ProGuard really a good way to protect the android application? I do not think. Please see the following images:

Compile Code

enter image description here

Decompile_Code

enter image description here

Also the variable names did not change and the code is readable easily.

java
  • 149
  • 1
  • 9
  • The ProGuard rules for an Android project `-keep` all activities. Otherwise, we could not create instances of those activities via reflection based on manifest entries. – CommonsWare Jul 26 '15 at 14:27

1 Answers1

4

Activity classes are not completely obfuscated. This is because the activities are listed in the manifest and classes referenced there are automagically kept. This is needed because the Android framework accesses these app entry points via reflection.

Read more from here:

The build process runs the tool aapt to automatically create the configuration file bin/proguard.txt, based on AndroidManifest.xml and other xml files. The build process then passes the configuration file to ProGuard. So ProGuard itself indeed doesn't consider AndroidManifest.xml, but aapt+ProGuard do.

Community
  • 1
  • 1
SubinM
  • 394
  • 3
  • 7