What to expect from code obfuscation (proguard, android)

Question

There is an APK obfuscated by Proguard. I used APK tool to decompile it. It created *.smali files for each class. I can see real names of classes and even code flow:

.locals 2

new-instance v0, Lcom/acme/model/Receipt;

invoke-direct {v0}, Lcom/acme/model/Receipt;-><init>()V

iget-object v1, p1, Lcom/acme/bus/Receipt;->a:Ljava/lang/String;

invoke-virtual {v0, v1}, Lcom/acme/model/Receipt;->setText(Ljava/lang/String;)V

iget v1, p1, Lcom/acme/bus/event/device/Receipt;->b:I

invoke-virtual {v0, v1}, Lcom/acme/Receipt;->setType(I)V

return-object v0

I can see there what this method does. I expected that all packages, classes, properties, methods will be changed and source code will make no sense for the first sight. What can obfuscation do on Android?

Answer 1

As far as I know, proguard will obfuscate android projects by default when proguard is enabled for the project.

A possible stacktrace from such an appliation will look somewhat like this:

Caused by: java.lang.NullPointerException
at net.simplyadvanced.ltediscovery.be.u(Unknown Source)
at net.simplyadvanced.ltediscovery.at.v(Unknown Source)
at net.simplyadvanced.ltediscovery.at.d(Unknown Source)
at net.simplyadvanced.ltediscovery.av.onReceive(Unknown Source)

--> no information about class nor method names

So I assume, that the developer who built the apk disabled the class renaming for some reason. See also Using Proguard with Android without obfuscation

Source of the stacktrace: http://simplyadvanced.net/blog/android-how-to-decode-proguards-obfuscated-code-from-stack-trace/

Answer 2

As far as I know it will rename all your classes and methods as e.g. A,AA,AAA,B,BB,etc. so that it won't be that easy to read and understand. Just that much and removes all the classes and junk that is not referenced or used is also removed and the APK is compressed to a noticeable small size.