Menu
Please take a look at the following two images from Analyze APK on Android Studio.
minifyEnabled = false, and minifyEnabled = true (after decoding with mapping.txt of course)
minifyEnabled = false. BuildConfig is there.
minifyEnabled = true (decoded with mapping.txt). BuildConfig is not there.
I can find BuildConfig in classes.dex before minifying, but not after minifying. I can't find any document/discussion about this, but is there some rule to strip BuildConfig from classes.dex after minifying with ProGuard? In that case, does it mean that it is relatively safe to put sensitive information in BuildConfig? Or, probably it is just hidden in some other place?
My ProGuard version is 4.7 if that matters.
891
There's a class called BuildConfig. java which is automatically generated by the build system. This class is updated automatically by Android's build system (like the R class). It already contains a static final boolean called DEBUG, which is normally set to true.
Drag an APK or app bundle into the Editor window of Android Studio. Switch to the Project perspective in the Project window and then double-click the APK in the default build/output/apks/ directory. Select Build > Analyze APK in the menu bar and then select your APK or app bundle.
Open your command prompt, write below line of code and execute. If you find this output, then its a debug build as it is written “CN=Android Debug”.
An additional feature of the minifying step is the inlining of constants. This would explain why the BuildConfig disappears, and yet the values still exist where needed. Once the values get inlined, there are no more references to the BuildConfig class and the minifier can remove it entirely.
86
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
