Android Proguard - is it best practice to -keep all 3rd party libs?

Question

I'm configuring Proguard for an app that uses 3rd party libraries. Is it "best practice" (in order to avoid future hard-to-find bugs) to include the line:

-keep class 3rd_party_lib_name.** {*;}

for every single 3rd party open source library that doesn't have specific Proguard instructions from its developer?

Also, a related question: is there a general guideline for which cases I should use

-keep class 

and in which cases i should use

-keep public class

many thanks

Answer 1

The major problem with proguard and code obfuscation in general is that classname, methods and fields name are modified. ( i.e. myExplicitMethodName() became a() )

When a classname, method name or a field is modified, you cannot access it using the reflection API (i.e. Class.classForName(...) , ... )

Knowing that, it's a best practice to -keep all classes and libraries that can be invoked using the reflection API.

For 3rd party libraries, if you don't know if they use or not the reflection API : then -keep

For your own code: hopefully, you know in which classes you use it. So use -keep for those classes.

Note that some popular framework like dagger or jackson use the reflection API on your own classes, so if you use them, be careful!