Android Application Security - obfuscation using ProGuard in Android Studio

-

There are many techniques out there for Android Application code obfuscation. Most popular and easy to be applied is using ProGuard in Android Studio.

What it usually does is it will shorten your app's class name, optimize your code, remove unnecessary resources and code. The main goal of it is to make your app harder to be reverse engineered.

Obfuscation in Android Application has been applied extensively by malware author to hide their malicious code and give security researcher like us a bad day.

As developer, you can applied ProGuard in your Android App project by implement this additional rule in your project level build.grade(Module:app) file.

buildTypes { release { minifyEnabled true shrinkResources true proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'),'proguard-rules.pro' } debug { minifyEnabled false shrinkResources false proguardFiles getDefaultProguardFile('proguard-android.txt'),'proguard-rules.pro' } }







Rule sets as an example above is for two types of build, release and debug.

  • minifyEnabled is a rule for code shrinking, obfuscation, and optimization of your code.
  • shrinkResources is a rule for resource shrinking and to exclude unused resources. It works in conjunction with minifyEnable rule, so minifyEnable must be set to true to use this rule too.
  • proguardFiles is the default rule for ProGuard that are packaged with the Android Gradle Plugin.
  • Boolean value is used to enable minifyEnabled and shrinkResources function when building your build release.

Make sure to implement this in your app before build it for production release.


Reference 

Android Developer

Comments

Post a Comment

Popular posts from this blog

Deploying open-source SOC lab with red team simulation, at home. Elasticsearch Stack EDR + SIEM (Part 1)

-
Image
Introduction I’m always want to have my own lab that can mimic enterprise monitoring at home which include EDR (Endpoint Detection and Response), SIEM (Security Information and Event Management), case management and have a threat intel platform. It must be something that can be built from open source and free... Since there is significant upgrade on my personal workstation, I’m able to ramp up my virtualization capacity to support my endeavor. let’s gooooo! Network & Resources Allocation For this lab, everything will be deployed in virtual machine (VM) and in private network, simple. These are minimum specification I used in this lab; you can allocate more if you have more resources. CPU: 2 cores Network: bridged connection and replicate physical network connection state Storage: 80 GB RAM: 8 GB (For both Ubuntu VM, I’m allocating 16GB for better performance) Architectural & System Design Refer to the diagram above We will deploy two (2) Ubuntu 20.04 Desktop a
Read more

Deploying open-source SOC lab with red team simulation, at home. MISP, Cortex and TheHive (Part 2)

-
Image
Sorry for posting this a bit late for those who are waiting for part 2. During my time writing part 1 and part 2, I was in rush to prepare for the new addition to my family, we (me, wife & family) have been blessed with our firstborn baby boy. So yeah, with the birth of my son, Ramadhan, and preparation for Aidilfitri all together at once, time is a little bit tight. Hehe Thank you very much for all your wishes and thank you for still following this series, so this time we will set up and install components for MISP, Cortex, and TheHive. This includes installation and integration between these 3 components as described in part 1. Once you have completed all the installation and integration, this server will tremendously help your analysis and automate a lot of things, you can track your progress or investigation, manage case, alert, task, and IOCs found. With a click of a button, you can receive reports and threat intel from multiple sources. This can be your great tool as a
Read more