Should I use ProGuard?

Question

I want to generate signed APK in Android Studio and it offers me an option to run ProGuard. It asks me to give config file path, but I don't have config file. How to create one? Should I use ProGuard at all? Can you and is it easy to unpack APK file which don't use ProGuard?

EDIT: Thank you for your answers, but I can't find proguard.cfg file anywhere. Only properties file I have in root directory of the project is local.properties file and when I open it in Android Studio I got this:

# This file is automatically generated by Android Studio. # Do not modify this file -- YOUR CHANGES WILL BE ERASED! # # This file must *NOT* be checked into Version Control Systems, # as it contains information specific to your local configuration.  # Location of the SDK. This is only used by Gradle. # For customization when using a Version Control System, please read the # header note. sdk.dir=C:/.../... 

Answer 1

It is quite easy to reverse engineer Android applications, so if you want to prevent this from happening, yes, you should use ProGuard for its main function: obfuscation.

ProGuard has also two other important functions: shrinking which eliminates unused code and is obviously highly useful and also optimization. Optimization operates with Java bytecode, though, and since Android runs on Dalvik bytecode which is converted from Java bytecode, some optimizations won't work so well. So you should be careful there.

There are instructions on how to use proguard on the Android website. The main thing you need to check is that you have the line

proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt 

in your project.properties file. Since you mention that you use Android Studio and you don't have this file, but you are asked about the config file, try selecting the one that is in the Android SDK (tools/proguard/proguard-android.txt).