I find myself needing more detail in my reported stack traces, but I'm concerned that by including the extra data (by using -keepattributes SourceFile,LineNumberTable) I'm making my app even easier to reverse engineer. Is this the case, and if so, by how much?
In the obfuscation step, ProGuard renames classes and class members that are not entry points. In this entire process, keeping the entry points ensures that they can still be accessed by their original names. The preverification step is the only step that doesn't have to know the entry points.
ProGuard optimizes Gson code by detecting which domain classes are serialized using the Gson library. It replaces the reflection-based implementation of GSON for reading and writing fields with injected and optimized code that accesses the fields of the domain classes directly when reading and writing JSON.
Obfuscate APK Android ProGuard tool can be used to obfuscate , shrink , and optimize the code. ProGuard renames classes, fields, and methods with semantically obscure names and removes unused code. To obfuscate we can set the minifyEnabled true in the app/build. gradle file.
ProGuard manual > Examples > Producing useful obfuscated stack traces
The SourceFile attribute is required, because Oracle/Sun's Java virtual machine otherwise does not include line numbers in stack traces, which is what you really want (and which is quite harmless on its own). I haven't checked if this is true for Android's Dalvik virtual machine.
As for a solution, ProGuard can keep the SourceFile attribute but replace its contents by a meaningless string of your choice, e.g.
-renamesourcefileattribute SourceFile
The value of the string is not important for interpreting the stack traces. Picking a string like "SourceFile" avoids increasing the class file sizes, because this string is already present by definition.
I am not exactly sure of what happens but given the source file name contains the actual name of the class, someone could use this to map obfuscated class names into real class names. Given obfsucation already jumbles everything up why keep the source file at all ? Everything should and will still run, the debug details are not required by the runtime so it makes no sense to keep them. The more you remove the better given your goals.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With