Obfuscation of Kotlin Data Class' toString Method

Question

I use Kotlin data classes everywhere in my app.

I am using R8 at compile time.

I have a security requirement where the generated toString method cannot contain the original attribute name. At the moment, the generated method, contains the entire classes attributes names in plain text and their obfuscated value names.

public String toString() {
    return "MyClass(id="+this.f1231msd+", password="+this.fj92313+")");
}

I have a few options but I would like to see if there are other options I have not found.

1. I checked Proguard's source code and found this class that uses the obfuscated name in the toString method. This would be perfect if R8 did this but doesn't seem to.
2. Manually override each data class' toString method with a blank string.
3. Write an R8 rule to step 2 for me
4. Create a compile time annotation to return a blank string for toString

Are there any other options out there?

Answer 1

After hunting around for other options and solutions, I decided to modify an existing compiler plugin that would automate this for me.

What this does is allows me to still benefit from Kotlin's auto-generated toString() method during development but then redacts the contents of toString() at release compile time.

It outputs a method such as this:

public String toString() {
    return "██";
}

At the moment this is just on my fork in the branch redact-all-and-class-names but potentially it may be included in the main library.