Shrink, Optimize and Secure Your App With R8 & ProGuard - Full Guide

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hey guys welcome back to new video in this video i want to give you a full guide to use proguard or r8 so rather r8 um many people talk about proguard in combination with android but r8 is actually the standard for android that is what is implemented by default in gradle so i will teach you this however if you want to use proguard then you can still do this for android by just setting some gradle options if you wonder what the difference between these two is there is no real big difference both are just tools to optimize your app before releasing it so really every android developer out there who wants to publish an app at some point needs to know about these things about r8 about proguard and just what these are and how to use them and this single video will be enough to teach you what you need to know what is r8 actually as i already said it's a tool that will optimize your app before releasing it so it will actually do that in multiple ways on the one hand it will optimize your code and shrink it by just removing all unused functions all unused classes all unused fields which will of course make your app smaller and you might think now why would i actually have functions or classes that i never use i would remove them and that is true but the big advantage here of r8 is that it will also do that for your dependencies that you use for your libraries that you include so think about it you very rarely need all the functions and all the classes you actually include with a dependency with the library in your project so that basically means that you can that it doesn't really matter how many libraries you include in your project because if you use r8 your code will always only end up with those classes and those functions that your specific project needs and not with all those functions that come from these libraries so that is one way how it will shrink your code and your app's size another way is that you can use it to shrink your resources so that it will just remove unused resources from your android project which will also just make your app a little bit smaller then it will also just optimize your code it will for example remove unused if statements so empty if statement and just check if there is some code that can't be reached or so and it will just remove that and make your files smaller that way and the last thing how it will optimize your app is actually one of the most important ways here and that is called code obfuscation so what that means is it will take all your classes all your functions all your variables and rename those to short unreadable names before building the release app or actually for the release app and that is actually very important if you plan on publishing your app because um everybody who can download your app can also potentially reverse engineer your app and search in your app how it is programmed what its weaknesses are and it's just a very important security measure to obfuscate your code so to rename all these classes functions and variables to unreadable names so those persons who actually want to reverse engineer your app have it a lot harder and really that is so much harder if you don't know what a specific class does so in the end you can't prevent people from reverse engineering your app because they of course have your apk and they can do whatever they want with it but you can make their life a lot harder with r8 so those were the big advantages r8 and program have now i actually want to get into android studio and show you how we can actually apply these principles in our projects so here i am back in android studio in an empty project and what we want to do is we want to open up our build.cradle module app file because in this file we want to declare that we want to use all of these optimizations i talked about before so if we scroll down here you can see there is a build types block included by default and inside of this built ups block we have a release block that means that all the options the gradle options we define instead of this release block will only be applied to the release build of our app so these are not applied to the debug build of our app so if we would just launch our app here in the android emulator then these options would not be applied because by default we launched the debug build of our app and the release build is just the build that we create before we upload our app to google play because of course when we debug our app then we don't want this obfuscation we don't want that our classes are renamed because that of course makes it harder to find out errors if you have a stack trace and you just can't read the class names you don't know which class that actually is and yeah as you can see instead of this release block there is an option minify enabled and that is set to false by default what does that mean that is actually what will manage most of the stuff with r8 so if we set this to true here then it will on the one hand optimize your code as i said it will remove unused if statements unused try catch and all that stuff it will just optimize your code it will remove all unused classes all unused functions also from your libraries and it will also obfuscate your code so this option if you set this to true then it will rename all your classes and functions for your release build and all of that will make your app a lot smaller in size so you should always set this to true if you plan on releasing your app but there's also another option that you can set to true which is shrink resources which will just well shrink your resources it will remove unused resources as i already explained before and then we have another option which is program files and here it just defines some file path to a proguard rules.profile we can find this file here also in our gradle scripts folder here it is program rules dot pro and if we open this you can see that it's just an empty file well these are just comments but inside of this file we can declare rules for proguard so we essentially use r8 here to optimize our code but r8 also uses these proguard rules files and here we can for example declare classes we don't want to obfuscate we want to we can declare classes we don't want to optimize and all that stuff and now you might ask why that is actually useful to not obfuscate some classes because you actually usually think that you want to obfuscate everything but that is not true let's think of for example of network model classes so you just define some data classes that you use to parse some json into and these are classes you usually don't want to obfuscate because if you would do that the problem would be that the field names of the json response must be the same as the field names of your data class and if your code is obfuscated that means that the field names of your data class will be renamed and then kotlin or android studio won't know which fields from the json class or the json response it should parse into which fields of your data class so that means we should add these data classes here in this program rules file so our eight will know okay i shouldn't obfuscate these classes so whenever you actually build your release app then i would always try it out before you upload it to google play so just because an app works in debug build doesn't mean it works in release build as well because if you forgot about these things then your app will crash so i actually also want to show you how you can do that there are a lot of rules you can actually or a lot of options you have with these rules i can show you all of that in this tutorial there is also i'm sure there's a documentation about that but i will show you how you can actually declare to keep specific classes to not obfuscate those first of all i want to sync gradle click on sync now and then i will just create a package here in our root package called whatever network and in this package we want to create some data class so i will actually just create one here to show you how this works let's say we have a data class for example news response so let's say you use some news api and this news response class here just contains some fields for example the title of the news article which is a string and of course some more but i will just leave it like that and if you would now just leave this minifi enable to true in your release block and you create the release build and you just leave it like that then your app would crash at the point where data is parsed to this news response class because it tries to parse the title from the json to this title here but this title would actually not be named title in your release build instead it would be renamed to something unreadable and to just declare this class as a class we don't want to obfuscate we have two options on the one hand we can just add the keep annotation here which will just tell pro guard hey or r8 hey we want to keep this class don't obfuscate this now if you have a lot of data classes that is annoying to always add this keep annotation so you can do this as a quick way if you only have a specific class but to actually add more classes to your pool you don't want to obfuscate you can use these pro guard rules here because with these rules here it's actually very easy to just declare that you want to keep all classes in a specific package so for example in the package that contains all your network models let's do that here below the comments we define minus keep we want to keep a class or multiple classes and now we just define the package name so come that pure coding our a tutorial and then the network package and instead of that package you can see we could add the newsresponse class then it would only keep this class but we can also just put an asterisk here and then it will keep all classes inside of that package and you could optionally also put in curly brackets here and also define some classes or rather functions you want to keep in this package so then only the functions that you declare here will be will not be obfuscated and the rest will be obfuscated but we can also just put an asterisk and a semicolon here to include all functions and classes and that is actually the whole magic of r8 it's really not that complicated it gets a little more complicated if you have very special rules you want to declare here but in most cases you actually only want to keep some classes here and then it's enough to know this this line basically um now you might wonder how can you actually build that release build of your app because by default if you build your app it will build the debug build not the release build to switch that we go to build and click on select build variant and you can see a window will open up here where it says debug which is the active build variant we can click on that and select release and then it will automatically sync gradle and now it is set to release build so when we now go to build and go to build bundles and apks we can build our app bundle which i always prefer of apk um which is just a newer way of building something to release it um so google play will actually make some optimizations here for specific devices so your app will be smaller for your users if you use bundles we click on that and then your project will rebuild let's wait and now that is done this is not a release build you could upload to google play for that you would need to generate a signed bundle or apk here um and sign that with a key store that is too much for this tutorial um and also not part of this tutorial anyways you just now built an android app bundle out of your app and this if this was if this was signed you could upload that to google play but now you might wonder what actually happens if your app crashes for some of your users and they submit the crash report because the users of your app of course have the release build on their phone and if they submit the the crash report then this crash report will contain the obfuscated code so it will contain the classes renamed to unreadable names and that is very difficult to impossible to find an error in that obfuscated code so how does it actually work if you want to understand your own release code but nobody else luckily if we use r8 it will generate a so-called mapping file that is just a text file that contains which classes and which functions which fields were renamed to what so with this file you can just take that and also upload it with your android bundle to google play and google play will automatically basically translate the error message from the user to the error message that is actually readable for you and you will find that file if you go to this android here select project to see all of your files you open this your project folder and here is the build folder which was generated on build we go inside oops not actually that one we go to app not this build folder we need to go to app and this build folder here here we have folder outputs and folder mapping and release and inside of this release folder you can see there is a mapping.txt file and if we open that you can see it used r8 as the compiler and here you can see all the classes and how they were basically renamed so you can see the cancelable class or interface whatever that is was renamed to a point a point a the component activity class was renamed to um i don't know actually how to read this file but you can see it's basically a mapping file and this was mapped to this so if you just see these short letters and names or whatever then it's very hard to actually find an error in your code but with this mapping file you can easily do that and it's very important to backup such a mapping file for each release you upload to google play because these are just overwritten each time you build your app and that's if you just forget to to copy this over somewhere else then it will basically be lost and then you have no way of translating the the crash to you to your code actually so that is it for this video i hope this was understandable for you if not then tell me that below also if so but if not is more important to me because that helps me to improve my way of teaching also if you are looking for more advanced android courses check out the first link in this video's description which will lead you to my website and there you will just find more advanced android courses and that is also where you can support me and my work if you want a little discount on these courses you can use the discount code philip 15 and this will this will just give you 15 percent off of all my courses there so i hope you like this see you next video have a nice day bye bye [Music] you
Info
Channel: Philipp Lackner
Views: 12,117
Rating: 4.9499373 out of 5
Keywords: android, tutorial, philip, philipp, filipp, filip, fillip, fillipp, phillipp, phillip, lackener, leckener, leckner, lackner, kotlin, mobile, r8, proguard, android studio, gradle, minify, minifyenabled, shrinkresources, shrink, optimize, dependencies, libraries
Id: bgpyuuzMlo0
Channel Id: undefined
Length: 18min 8sec (1088 seconds)
Published: Sat Jan 09 2021
Related Videos
Dagger-Hilt in Detail - Full Course
Philipp Lackner
27K
Let, Also, Apply, Run, With - Kotlin Scope Functions
Philipp Lackner
20K
Introducing Jotform’s New Look – With the Same Powerful Forms
Jotform
17K
Effective ProGuard keep rules for smaller applications (Google I/O '18)
Android Developers
24K
How to Support ALL Screen Sizes on Android - Full Guide
Philipp Lackner
26K
Shrinking your app with R8 (Android Dev Summit '19)
Android Developers
14K
The Ultimate Retrofit Crash Course
Philipp Lackner
11K
How Proguard Works
DroidconBos
9K
LiveData deprecated? - Full Guide to StateFlow
Philipp Lackner
23K
How to Make a Clean Architecture Cryptocurrency App (MVVM, Use Cases, Compose) - Android Studio
Philipp Lackner
43K
If I Was to Start Android Again... THIS Is How I Would Do It!
Philipp Lackner
9.1K
5 Common Android Anti-Patterns That Make Your Code a Mess
Philipp Lackner
6.4K
How to Make Your Code Clean With Kotlin Sealed Classes
Philipp Lackner
14K
Kotlin Flows in a Nutshell
Philipp Lackner
25K
How Does The James Webb Space Telescope Work? - Smarter Every Day 262
SmarterEveryDay
1.2M
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.