一、前言
之前因为一个人又要做产品设计,同时又要开发iOS版本,实在精力有限,所以对Android项目关注度不足,导致Android项目一直未做代码混淆,从技术安全角度上也增加了一定的风险。
目前项目组iOS开发人员比较充足,也就有空腾出时间去纠正以前给自己埋下的坑,虽说组内也有专人负责开发Android版本,关于项目打包等工作理应移交出去,将自己的精力更多地放在项目管理与产品质量上,但是毕竟是一颗技术的心,对自己未完全掌握或尝试过的技能有一种跃跃欲试的感觉,所以在兼顾产品质量与项目管理的基础上,腾出时间来做一些技术尝试。
废话不说,先上干货。
二、标准化proguard-rules.pro模板
To enable ProGuard in your project, edit project.properties
to define the proguard.config property as described in that file.
Add project specific ProGuard rules here.
By default, the flags in this file are appended to flags specified
in ${sdk.dir}/tools/proguard/proguard-android.txt
You can edit the include path and order by changing the ProGuard
include property in project.properties.
For more details, see
http://developer.android.com/guide/developing/tools/proguard.html
Add any project specific keep options here:
If your project uses WebView with JS, uncomment the following
and specify the fully qualified class name to the JavaScript interface
class:
-keepclassmembers class fqcn.of.javascript.interface.for.webview {
public *;
}
定制化区域------------------------------------------
实体类----------------------------------------------
-keep class xx.xxxxx.request.** { *; }
-keep class xx.xxxxx.response.** { *; }
-keep class xx.xxxxx.myview.**{ *; }
-keep class xx.xxxxx..module.adapter.BaseAdapter
-keep class xx.xxxxx..photoview.**{ *; }
-keep class xx.xxxxx.xx.xxxxx.publishpic_util.**{ *; }
-keep class xx.xxxxx.uploader.** { *; }
第三方包--------------------------------------------
umeng 分享-----------------------------------------
-dontshrink
-dontoptimize
-dontwarn com.google.android.maps.**
-dontwarn android.webkit.WebView
-dontwarn com.umeng.**
-dontwarn com.tencent.weibo.sdk.**
-dontwarn com.facebook.**
-keep enum com.facebook.**
-keepattributes Exceptions,InnerClasses,Signature
-keepattributes *Annotation*
-keepattributes SourceFile,LineNumberTable
-keep public interface com.facebook.**
-keep public interface com.tencent.**
-keep public interface com.umeng.socialize.**
-keep public interface com.umeng.socialize.sensor.**
-keep public interface com.umeng.scrshot.**
-keep public class com.umeng.socialize.* {*;}
-dontwarn javax.**
-keep public class javax.**
-keep class javax.**
-keep public class android.webkit.**
-keep class com.facebook.**
-keep class com.facebook.** { *; }
-keep class com.umeng.scrshot.**
-keep public class com.tencent.** {*;}
-keep class com.umeng.socialize.sensor.**
-keep class com.umeng.socialize.handler.**
-keep class com.umeng.socialize.handler.*
-keep class com.tencent.mm.sdk.modelmsg.WXMediaMessage {*;}
-keep class com.tencent.mm.sdk.modelmsg.** implements com.tencent.mm.sdk.modelmsg.WXMediaMessage$IMediaObject {*;}
-keep class im.yixin.sdk.api.YXMessage {*;}
-keep class im.yixin.sdk.api.** implements im.yixin.sdk.api.YXMessage$YXMessageData{*;}
-dontwarn twitter4j.**
-keep class twitter4j.** { *; }
-keep class com.tencent.** {*;}
-dontwarn com.tencent.**
-keep public class com.umeng.soexample.R$*{
public static final int *;
}
-keep public class com.umeng.soexample.R$*{
public static final int *;
}
-keep class com.tencent.open.TDialog$*
-keep class com.tencent.open.TDialog$* {*;}
-keep class com.tencent.open.PKDialog
-keep class com.tencent.open.PKDialog {*;}
-keep class com.tencent.open.PKDialog$*
-keep class com.tencent.open.PKDialog$* {*;}
-keep class com.sina.** {*;}
-dontwarn com.sina.**
-keep class com.alipay.share.sdk.** {
*;
}
-keepnames class * implements android.os.Parcelable {
public static final ** CREATOR;
}
-keep class com.linkedin.** { *; }
-keepattributes Signature
-dontwarn com.umeng.socialize.**
-keep class com.umeng.socialize.**{ *; }
umeng统计-----------------------------------------
-keepclassmembers class * {
public <init> (org.json.JSONObject);
}
-keep public class cc.moko.mokodreamwork.R$*{
public static final int *;
}
-keepclassmembers enum * {
public static **[] values();
public static ** valueOf(java.lang.String);
}
-dontwarn u.aly.**
-keep class u.aly.** { *; }
-dontwarn com.umeng.analytics.**
-keep class com.umeng.analytics.** { *; }
Jpush----------------------------------------------
-dontoptimize
-dontpreverify
-dontwarn cn.jpush.**
-keep class cn.jpush.** { *; }
gson==========================
-dontwarn com.google.**
-keep class com.google.gson.** {*;}
protobuf======================
-dontwarn com.google.**
-keep class com.google.protobuf.** {*;}
百度统计----------------------------------------------
-keep class com.baidu.kirin.** { *; }
-keep class com.baidu.mobstat.** { *; }
-keep class com.baidu.bottom.** { *; }
其他-----------------------------------------------
android-support-v4.jar----------------------------------
-dontwarn android.support.v4.**
-dontwarn **CompatHoneycomb
-dontwarn **CompatHoneycombMR2
-dontwarn **CompatCreatorHoneycombMR2
-keep interface android.support.v4.app.** { *; }
-keep class android.support.v4.** { *; }
-keep public class * extends android.support.v4.**
-keep public class * extends android.app.Fragment
android-support-v7.jar------------------------------------
-dontwarn android.support.v7.**
-keep public class * extends android.support.v7.**
-keep class android.support.v7.** { *; }
gson-2.2.4.jar-------------------------------------------
Gson uses generic type information stored in a class file when working with fields. Proguard
removes such information by default, so configure it to keep all of it.
-keepattributes Signature
For using GSON @Expose annotation
-keepattributes *Annotation*
Gson specific classes#
-keep class sun.misc.Unsafe { *; }
-dontwarn com.google.gson.annotations.**
-dontwarn com.google.gson.internal.**
-dontwarn com.google.gson.reflect.**
-dontwarn com.google.gson.stream.**
-dontwarn com.google.gson.**
-keep class com.google.gson.annotations.** { *; }
-keep class com.google.gson.internal.** { *; }
-keep class com.google.gson.reflect.** { *; }
-keep class com.google.gson.stream.** { *; }
-keep class com.google.gson.** { *; }
jackson-annotations-2.1.4.jar-------------------------------
-dontwarn com.fasterxml.jackson.annotation.**
-keep class com.fasterxml.jackson.annotation.** { *; }
jackson-core-2.1.4.jar--------------------------------------
-dontwarn com.fasterxml.jackson.core.**
-keep class com.fasterxml.jackson.core.** { *; }
jackson-databind-2.1.4.jar----------------------------------
-dontwarn com.fasterxml.jackson.databind.**
-keep class com.fasterxml.jackson.databind.** { *; }
locSDK_3.3.jar---------------------------------------------
-dontwarn com.baidu.location.**
-keep class com.baidu.location.** { *; }
zxing-core-2.2.jar----------------------------------------
-dontwarn com.google.zxing.**
-keep class com.google.zxing.** { *; }
Serializable-----------------------------------------------
Explicitly preserve all serialization members. The Serializable interface
is only a marker interface, so it wouldn't save them.
-keepclassmembers class * implements java.io.Serializable {
static final long serialVersionUID;
private static final java.io.ObjectStreamField[] serialPersistentFields;
private void writeObject(java.io.ObjectOutputStream);
private void readObject(java.io.ObjectInputStream);
java.lang.Object writeReplace();
java.lang.Object readResolve();
}
-keep public class * implements java.io.Serializable {*;}
android-async-http-1.4.6.jar----------------------------------
-dontwarn com.loopj.android.http.**
-keep class com.loopj.android.http.**{*;}
cyberplayer.jar----------------------------------------------
-dontwarn com.baidu.cyberplayer.**
-keep class com.baidu.cyberplayer.** { *; }
flame.jar---------------------------------------------------
-dontwarn com.pocketdigi.utils.**
-keep class com.pocketdigi.utils.** { *; }
glide-3.6.1.jar----------------------------------------------
-dontwarn com.bumptech.glide.**
-keep class com.bumptech.glide.** { *; }
httpmime-4.1.3.jar-----------------------------------------
-dontwarn org.apache.http.entity.mime.**
-keep class org.apache.http.entity.mime.** { *; }
jackson-all-1.7.6.jar----------------------------------------
-dontwarn org.codehaus.jackson.**
-keep class org.codehaus.jackson.** { *; }
jncryptor-1.2.1-SNAPSHOT.jar--------------------------------
-dontwarn org.cryptonode.jncryptor.**
-keep class org.cryptonode.jncryptor.** { *; }
nineoldandroids-2.4.0.jar------------------------------------
-dontwarn com.nineoldandroids.**
-keep class com.nineoldandroids.** { *; }
pinyin4j-2.5.0.jar------------------------------------------
-dontwarn com.hp.hpl.sparta.**
-dontwarn demo.**
-keep class com.hp.hpl.sparta.** { *; }
-keep class demo.** { *; }
pulllibrary.jar---------------------------------------------
-dontwarn com.handmark.pulltorefresh.library.**
-keep class com.handmark.pulltorefresh.library.** { *; }
qiniu-android-sdk-7.0.2.jar----------------------------------
-dontwarn com.qiniu.**
-keep class com.qiniu.**{*;}
-keep class com.qiniu.**{public <init>();}
slidingmenulib.jar------------------------------------------
-dontwarn com.jeremyfeinstein.slidingmenu.lib.**
-keep class com.jeremyfeinstein.slidingmenu.lib.** { *; }
swipelistview-1.0-20130701.103547-12-jar-with-dependencies.jar--
-dontwarn com.fortysevendeg.android.swipelistview.**
-keep class com.fortysevendeg.android.swipelistview.** { *; }
universal-image-loader-1.9.4-with-sources.jar--------------------
-dontwarn com.nostra13.universalimageloader.**
-keep class com.nostra13.universalimageloader.** { *; }
xUtils-2.6.14.jar----------------------------------------------
-dontwarn com.lidroid.xutils.**
-keep class com.lidroid.xutils.** { *; }
picasso-2.4.0.jar---------------------------------------------
-dontwarn com.squareup.picasso.**
-keep class com.squareup.picasso.** { *; }
hyphenatechat_3.1.0.jar---------------------------------------
-dontwarn com.hyphenate.**
-dontwarn internal.org.apache.http.entity.mime.**
-keep class com.hyphenate.** { *; }
-keep class internal.org.apache.http.entity.mime.** { *; }
-libraryjars src/main/jniLibs/armeabi/libcyberplayer.so
-libraryjars src/main/jniLibs/armeabi/libcyberplayer-core.so
-libraryjars src/main/jniLibs/armeabi/libmp3lame.so
alipaySdk-20160223.jar---------------------------------------
-dontwarn com.alipay.**
-dontwarn com.ta.udidi2.**
-dontwarn com.ut.device.**
-dontwarn org.json.alipay.**
-keep class com.alipay.** { *; }
-keep class com.ta.udidi2.** { *; }
-keep class com.ut.device.** { *; }
-keep class org.json.alipay.** { *; }
asmack-android-17-0.8.3.jar----------------------------------
-dontwarn com.kenai.jbosh.**
-dontwarn com.novell.sasl.client.**
-dontwarn de.measite.smack.**
-dontwarn org.apacke.**
-dontwarn org.jivesoftware.**
-dontwarn org.xbill.DNS
-keep class com.kenai.jbosh.** { *; }
-keep class com.novell.sasl.client.** { *; }
-keep class de.measite.smack.** { *; }
-keep class org.apacke.** { *; }
-keep class org.jivesoftware.** { *; }
-keep class org.xbill.DNS { *; }
GifView.jar-----------------------------------------------
-dontwarn com.ant.liao.**
-keep class com.ant.liao.** { *; }
与js互相调用的类---------------------------------------
反射相关的类和方法--------------------------------------
基本不用动区域-----------------------------------------
基本指令区---------------------------------------------
-optimizationpasses 5 #代码混淆的压缩比例,值在0-7之间
-dontusemixedcaseclassnames #混淆后类名都为小写
-dontskipnonpubliclibraryclasses #指定不去忽略非公共的库的类
-dontskipnonpubliclibraryclassmembers #指定不去忽略非公共的库的类的成员
-dontshrink
-dontoptimize
-dontpreverify #不做预校验的操作
-verbose
-printmapping proguardMapping.txt #生成原类名和混淆后的类名的映射文件
-optimizations !code/simplification/cast,!field/*,!class/merging/* #指定混淆是采用的算法
-keepattributes *Annotation*,InnerClasses #不混淆Annotation
-keepattributes Signature #不混淆泛型
-keepattributes SourceFile,LineNumberTable #抛出异常时保留代码行号
-keepattributes EnclosingMethod
-ignorewarnings
默认保留区------------------------------------------
-keep public class * extends android.app.Activity
-keep public class * extends android.app.Appliction
-keep public class * extends android.app.Service
-keep public class * extends android.content.BroadcastReceiver
-keep public class * extends android.content.ContentProvider
-keep public class * extends android.app.backup.BackupAgentHelper
-keep public class * extends android.preference.Preference
-keep public class * extends android.view.View
-keep public class com.android.vending.licensing.ILicensingService
-keep class android.support.** {*;}
-keepclasseswithmembernames class * {
native <methods>;
}
-keepclassmembers class * extends android.app.Activity{
public void *(android.view.View);
}
-keepclassmembers enum * {
public static **[] values();
public static ** valueOf(java.lang.String);
}
-keep public class * extends android.view.View{
*** get*();
void set*(***);
public <init>(android.content.Context);
public <init>(android.content.Context, android.util.AttributeSet);
public <init>(android.content.Context, android.util.AttributeSet, int);
}
-keepclasseswithmembers class * {
public <init>(android.content.Context, android.util.AttributeSet);
public <init>(android.content.Context, android.util.AttributeSet, int);
}
-keep class * implements android.os.Parcelable {
public static final android.os.Parcelable$Creator *;
}
-keepclassmembers class * implements java.io.Serializable {
static final long serialVersionUID;
private static final java.io.ObjectStreamField[] serialPersistentFields;
private void writeObject(java.io.ObjectOutputStream);
private void readObject(java.io.ObjectInputStream);
java.lang.Object writeReplace();
java.lang.Object readResolve();
}
-keep class **.R$* {
*;
}
-keepclassmembers class * {
void *(**On*Event);
}
webview---------------------------------------------
-keepclassmembers class fqcn.of.javascript.interface.for.webview {
public *;
}
-keepclassmembers class * extends android.webkit.webViewClient {
public void *(android.webkit.WebView, java.lang.String, android.graphics.Bitmap);
public boolean *(android.webkit.WebView, java.lang.String);
}
-keepclassmembers class * extends android.webkit.webViewClient {
public void *(android.webkit.webView, java.lang.String);
}