Remember that the best configuration of ProGuard is a configuration with a minimum of exceptions. With the exception, I understand:
-keepclassmembers class * extends android.content.Context { public void *(android.view.View); public void *(android.view.MenuItem); }
Go through proguard-android-optimize.txt and see the optimization / obfuscation options.
For a detailed description of the ProGuard options, I use this
-optimizations !code/simplification/arithmetic,!code/simplification/cast,!field/*,!class/merging/* This is a list of possible optimizations ,! means negation, so this optimization is not used
-optimizationpasses 5 Specifies the number of optimization passes to complete. By default, one pass is performed. Multiple omissions may lead to further improvements. If no improvements are found after completing the optimization, the optimization is completed. Only applicable for optimization.
Usage: OK, and it looks like by default 5 passes are enough
-allowaccessmodification Specifies that access modifiers for classes and class members can be extended during processing. This can improve the results of the optimization phase.
Usage: OK, yes, it looks like an improved optimization
-dontpreverify When setting up on Android, preverifing is not required, so dontpreverify disables it in order to slightly reduce processing time. But this parameter does not affect the inviolability of the code.
Usage: OK, just a little time for data processing
-dontusemixedcaseclassnames Specifies not to generate class names of the mixed class when obfuscated. By default, obfuscated class names may contain a combination of uppercase and lowercase characters. This creates perfectly acceptable and usable cans.
Usage: QUESTIONABLE, I can’t find the exact reason why this option is added, but it looks like the name of the change class from abcdef to AbSdEf does not make the code unbreakable
-dontskipnonpubliclibraryclasses Specifies not to ignore non-public library classes. Starting with version 4.5, this is the default value.
Usage: Good, very helpful.
The following options are not included in proguard-android-optimize.txt:
-mergeinterfacesaggressively Indicates that interfaces can be combined even if their implementation classes do not implement all of the interface methods ... setting this option may reduce the performance of the processed code on some JVMs
Usage: BAD, looks dangerous for Android, is not included in the configuration, summary of class ban / merge / in optimization
-overloadaggressively Specifies the use of aggressive overload when entangled. Multiple fields and methods can then be given the same name if their arguments and return types differ as required by Java bytecode (and not just their arguments as required by Java)
Usage: BAD, Google Dalvik VM cannot handle overloaded static fields.
-repackageclasses '' Specifies to repackage all class files that are renamed by moving them to a single specified package. Without an argument or with an empty string (''), the package is completely deleted. This parameter overrides the -flattenpackagehierarchy parameter.
Usage: OK, Used by Google, so at least we found an option that we can add to our configuration
Therefore, I know only one useful and not dangerous option for obfuscation:
-repackageclasses ''
Also pay attention to decoding stack stacks. ProGuard also removes the file name and line numbers from stacktrace. This makes error detection difficult. You can save line numbers by adding the following code to your config:
-renamesourcefileattribute SourceFile -keepattributes SourceFile,LineNumberTable
This will save line numbers, but will replace the file name in stacktrace with "SourceFile".
Also, remember that ProGuard looks vulnerable because it does not encrypt string resources , so consider using DexGuard or encrypt important strings (e.g. tokens, URLs).