Proguard obfuscation is not working

Why proguard won't obfuscate my code?

Initially, there were few rules in proguard file but now I have removed everything from proguard rules but still proguard is not obfuscating any of the code. I have checked it by decompiling the apk by dex2jar.  

How can I deal with it ?

 minifyEnabled true
 shrinkResources true
 useProguard true
 android.enableR8=false

What else can I do ?? any suggestions?

I have checked it by decompiling the apk by dex2jar.

How is that a check that obfuscation did not happen? What did you see that leads you to believe it didn't happen?

Tim Moores wrote:

I have checked it by decompiling the apk by dex2jar.

I wanted to make my android app more secured from reverse engineering so I have added proguard to it. I have used dex2jar and Jd-gui for checking whether proguard is working or not. I can still see my entire source code but few files are missing also. I am actually unable to understand whether it is working properly or not.

Tim Moores wrote:

How is that a check that obfuscation did not happen? What did you see that leads you to believe it didn't happen?

lasses and class members which are visible to me are also not renamed i.e. obfuscated


Just Fyi was following this articles :

Post both the proguard-rules.pro and build.gradle files (put CODE tags around their respective contents when posting).

Tim Moores wrote: build.gradle files (put CODE tags around their respective contents when posting).

minifyEnabled true  shrinkResources true  useProguard true  android.enableR8=false

Tim Moores wrote:

Post both the proguard-rules.pro

# # For more details, see #   http://developer.android.com/guide/developing/tools/proguard.html # Add any project specific keep options here: # If your project uses WebView with JS, uncomment the following # and specify the fully qualified class name to the JavaScript interface # class: #-keepclassmembers class fqcn.of.javascript.interface.for.webview { #   public *; #} -include /Users/xxxxxxxx/internalModule/proguard-rules.pro -optimizationpasses 5 -verbose -dontskipnonpubliclibraryclassmembers -ignorewarnings -keepattributes *Annotation* -keepclassmembers class * extends android.app.Activity {       public void *(android.view.View); } -keep class android.support.** { *; } -keep class com.example.app.** { *; } -keepclassmembers class com.example.app.** { *; } -keep class com.example.internalModule.** { *; } -keepclassmembers class com.example.internalModule.** { *; } # Glide -keep public class * implements com.bumptech.glide.module.GlideModule -keep public enum com.bumptech.glide.load.resource.bitmap.ImageHeaderParser$** {  **[] $VALUES;  public *; } # -keepresourcexmlelements manifest/application/meta-data@value=GlideModule -keep class org.ocpsoft.prettytime.i18n.** -keepattributes JavascriptInterface -keepattributes *Annotation* # EventBus -keepattributes *Annotation* -keepclassmembers class ** {    @org.greenrobot.eventbus.Subscribe <methods>; } -keep enum org.greenrobot.eventbus.ThreadMode { *; } # Only required if you use AsyncExecutor -keepclassmembers class * extends org.greenrobot.eventbus.util.ThrowableFailureEvent {    <init>(java.lang.Throwable); } # Butterknife # Retain generated class which implement Unbinder. -keep public class * implements butterknife.Unbinder { public <init>(**, android.view.View); } # Prevent obfuscation of types which use ButterKnife annotations since the simple name # is used to reflectively look up the generated ViewBinding. -keep class butterknife.* -keepclasseswithmembernames class * { @butterknife.* <methods>; } -keepclasseswithmembernames class * { @butterknife.* <fields>; } ##Branch sdk #-keep class io.branch.** { *; } # Realm -keepnames public class * extends io.realm.RealmObject -keep public class * extends io.realm.RealmModel { *; } -keep @io.realm.annotations.RealmModule class * -keep class io.realm.annotations.RealmModule -keep class io.realm.internal.Keep -keep @io.realm.internal.Keep class * -keep class io.realm.** { *; } -dontwarn javax.** -dontwarn io.realm.** -keepattributes *Annotation* # Calligraphy -keep class uk.co.chrisjenx.calligraphy.* { *; } -keep class uk.co.chrisjenx.calligraphy.*$* { *; } -dontwarn okio.** # MaterialRipple -keep class com.balysv.materialripple.** { *; } # Tap target -keep class uk.co.samuelwall.materialtaptargetprompt.** { *; } # Fabric -keepattributes SourceFile,LineNumberTable -keep public class * extends java.lang.Exception # Crashlytics -keep class com.crashlytics.** { *; } -dontwarn com.crashlytics.** # Razorpay -keepclassmembers class * {    @android.webkit.JavascriptInterface <methods>; } -keepattributes JavascriptInterface -keepattributes *Annotation* -dontwarn com.razorpay.** -keep class com.razorpay.** {*;} -optimizations !method/inlining/* -keepclasseswithmembers class * {  public void onPayment*(...); } # AppSee -keep class com.appsee.** { *; } -dontwarn com.appsee.** -keep class android.support.** { *; } -keep interface android.support.** { *; } -keepattributes SourceFile,LineNumberTable # Apache HttpClient -dontwarn org.apache.http.** # Camerakit -keepclasseswithmembers class com.camerakit.preview.CameraSurfaceView {    native <methods>; } -keep class org.jsoup.** -keep class sun.misc.Unsafe { *; }

If we can't see the full build file, we don't know whether the ProGuard directive is in a place where they will be used.

Which class names do you see unobfuscated? I note that the rules contain various duplications - that would not cause obfuscation to fail, but is obviously not a good thing.

Tim Moores wrote:Which class names do you see unobfuscated? I note that the rules contain various duplications - that would not cause obfuscation to fail, but is obviously not a good thing.

Can you point out the duplicate rules in it?. And my code is inside com-->example-->app -->otherPackagesName(package name according to structure of app )

Classes which are inside app are not obfuscated properly can see the entire source code in original form as in my code with same name also.

Look at the ProGuard rules carefully - you can spot duplicate rules easily.

If we don't know the class and package names that you think should be obfuscated we can't tell whether they would be covered by the rules.

If we can't see the full build file, we don't know whether the ProGuard directive is in a place where they will be used.

Also: Do you actually see during build time that ProGuard is being run? It produces quite a bit of output. Post that here.

Tim Moores wrote:
Also: Do you actually see during build time that ProGuard is being run? It produces quite a bit of output. Post that here.

Proguard is running I am debugging it since yesterday removing -donotskipnonpublicclassmembers. ended up that my dex.classes is getting obfuscated but apk is still not getting renamed. It's like if I am using dex2jar on classes.dex then I cannot see the actual source code but if use dex2jar on apk then I can see the full app source code.
Where I am going wrong here now ?