How to use Proguard with Android and protect the app's functional integrity?

Question

I've an Ant build using the Proguard config below, which is that generated by the "android" command line tool, it seems pretty straightfoward. But when I build the app using this script, the app blows up when it's executed on the device, with a series of null pointer exceptions (the obfuscation process is somehow adding bugs to the code). To fix the app, I just rebuild it without running it through Proguard.

What advice would you offer to someone using Proguard with Android apps so that a) the app is optimised and obfuscated to a reasonable degree, but b) without the functional integrity being damaged?

-optimizationpasses 5
-dontusemixedcaseclassnames
-dontskipnonpubliclibraryclasses
-dontpreverify
-verbose
-optimizations !code/simplification/arithmetic,!field/*,!class/merging/*

-keep public class * extends android.app.Activity
-keep public class * extends android.app.Application
-keep public class * extends android.app.Service
-keep public class * extends android.content.BroadcastReceiver
-keep public class * extends android.content.ContentProvider
-keep public class * extends android.app.backup.BackupAgentHelper
-keep public class * extends android.preference.Preference
-keep public class com.android.vending.licensing.ILicensingService

-keepclasseswithmembernames class * {
    native <methods>;
}

-keepclasseswithmembernames class * {
    public <init>(android.content.Context, android.util.AttributeSet);
}

-keepclasseswithmembernames class * {
    public <init>(android.content.Context, android.util.AttributeSet, int);
}

-keepclassmembers enum * {
    public static **[] values();
    public static ** valueOf(java.lang.String);
}

-keep class * implements android.os.Parcelable {
  public static final android.os.Parcelable$Creator *;
}

Answer 1

I've found the solution to the specific case I experienced. I'll document the solution as I suspect others may find it useful.

I have two classes that are used specifically to hold payloads to/from JSON API calls. I hadn't excluded those classes from the obfuscation, so the GSON parser was failing to create the objects correctly as the class member names did not match the JSON parameter names.

So the moral of this story is if that when deserialising JSON data to create objects using GSON or other tools that match JSON parameter names with class member names, make sure Proguard doesn't rename them. The null reference exceptions I was seeing were because all the deseralised objects were blank.

I should say I'm NOT experiencing ClassNotFoundException, this is a different issue, and what initially seemed like quite inexplicable runtime errors, was just an interesting combo of assumptions.

Answer 2

Just follow the rules listed in the Configuring Pro-guard section . The key is any reference to a class in xml probably. So if you have any Receivers or Services in your manifest that aren't explicitly used in the code, they may be being removed by Proguard. This also includes classes in your layouts, like Custom views, etc.