![]() Some of these tools help reverse engineers decompile the app back to its original code. Note: There are many other tools that engineers use to analyze apps, such as JD-GUI, APKTool, and Jadx. You’ll use this tool several more times in this tutorial. Select the app-debug.apk file and click OK to open the APK Analyzer. If necessary, navigate to the debug folder SlothSanctuary-Starter/app/build/outputs/apk/debug. It will open a dialog for your filesystem. Launch the analyzer by selecting Build ▸ Analyze APK. You can see what’s taking up the most space, as well as the total method and reference counts. It presents a view with a breakdown of your app’s file size. The APK Analyzer is a tool for inspecting your finalized app and what contributes to it’s size. You’ll want to check your app size along the way. It presents items that float around the screen in bubbles. You’ll make it more exciting by adding the BubblePicker library. Right now there’s a simple screen that lists the six species of sloths. Open the starter project in Android Studio 3.1.4 or greater, then build and run to see the app you’ll be working with. Getting Startedĭownload and unzip the materials for this tutorial using the Download Materials button at the top or bottom of this page. If Android development is new to you, first read through our Beginning Android Development and Kotlin for Android tutorials. If we want to define our own artifacts that we want to be published, we can use the artifact property.Note: This tutorial assumes that you’re already familiar with the basics of Android development and Android Studio. Therefore, if we want to publish an obfuscated library we need to remove that line and provide our publication with the output produced by obfuscateArtifact task.Īs we saw in the documentation the components is automatically defined by the java/kotlin plugin and includes all classes from the default sourceSets. So, this is how our publication task gets the project's artifacts and dependencies. For example, the java component consists of the production JAR - produced by the jar task - and its dependency information. They comprise one or more artifacts as well as the appropriate metadata. Quoting from gradle's docs:Ĭomponents are defined by plugins and provide a simple way to define a publication for publishing. ![]() The key here is the from components declaration. This is how we integrate proguard's gradle plugin:Įnter fullscreen mode Exit fullscreen mode I may need another article to justify that, but, bear with me. Also, I'll use gradle's groovy dsl, just because I like its convenience better than kotlin's now (for gradle scripts). There are probably many ways to do this, but since I have a mobile development background, we'll be doing this using proguard's gradle plugin, which will make things are little more simple, specially during the publication part. ![]() Here we're just interested in the obfuscation step which will rename the classes, fields, and methods using short meaningless names making it really hard to read the code. Proguard is basically a command line tool that takes input jars (aars, wars, ears, zips, apks, directories) and then performs shriking, optimization, obfuscation and preverification to output a new jar. ProGuard is the most popular optimizer for Java bytecode and it also provides obfuscation for the names of classes, fields and methods. By making the code hard to reverse engineer, you ensure that your library's intellectual property is guarded against security threats, unauthorized access, and discovery of application vulnerabilities. It's makes for a great AppSec initiative and often takes care of the bare minimum security you can have when publishing a source code out in they wild. If you're not sure what that means, code obfuscation is the modification of the source code to make it unintelligible, meaning it is impossible for a third-party to understand. In this article I wanted to give a brief overview of my strategy for publishing obfuscated kotlin libraries. On the other hand, when you're developing a java/kotlin library and you want to use code obfuscation, things get a little different. Since it's preconfigured in android's gradle plugin (it's actually proguard under the hood), but you don't really mess with it unless you want to. Being an android developer, I've heard about code obfuscation pretty early in my career.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |