For this tips will be use the Obfuscation and Custom Rules approach to enable minify and compress code.
Content
Obfuscation
To obfuscate, you need to find the build.gradle file and enable the property minifyEnabled to true, like this:
release {
minifyEnabled true
...
}
Obfuscation Rules
After that, add the below lines in proguard-rules.pro file:
##############
# Ionic Config
##############
-keep class org.apache.cordova.** { *; }
-keep class org.apache.cordova.camera.** { *; }
-keep class org.apache.cordova.** { *; }
-keep public class * extends org.apache.cordova.CordovaPlugin
-keep class com.ionic.keyboard.IonicKeyboard.** { *; }
##############
# Ionic Config
##############
#########################################################
# Remember to change the com.abc.xyz to your real App id!
#########################################################
-keep class com.abc.xyz.BuildConfig { *; }
#########################################################
# Remember to change the com.abc.xyz to your real App id!
#########################################################
########
# AdmMob
########
-keep class * extends java.util.ListResourceBundle {
protected Object[][] getContents();
}
-keep public class com.google.android.gms.common.internal.safeparcel.SafeParcelable {
public static final *** NULL;
}
-keepnames @com.google.android.gms.common.annotation.KeepName class *
-keepclassmembernames class * {
@com.google.android.gms.common.annotation.KeepName *;
}
-keepnames class * implements android.os.Parcelable {
public static final ** CREATOR;
}
-keep public class com.google.cordova.admob.**
########
# AdmMob
########
########################################################
# Not sure if needed, found it in several documentations
########################################################
-keep class * extends java.util.ListResourceBundle {
protected Object[][] getContents();
}
-keep public class com.google.android.gms.common.internal.safeparcel.SafeParcelable {
public static final *** NULL;
}
-keepnames @com.google.android.gms.common.annotation.KeepName class *
-keepclassmembernames class * {
@com.google.android.gms.common.annotation.KeepName *;
}
-keepnames class * implements android.os.Parcelable {
public static final ** CREATOR;
}
########################################################
# Not sure if needed, found it in several documentations
########################################################
################################################
# Rules for Capacitor v3 plugins and annotations
################################################
-keep @com.getcapacitor.annotation.CapacitorPlugin public class * {
@com.getcapacitor.annotation.PermissionCallback <methods>;
@com.getcapacitor.annotation.ActivityCallback <methods>;
@com.getcapacitor.annotation.Permission <methods>;
@com.getcapacitor.PluginMethod public <methods>;
}
################################################
# Rules for Capacitor v3 plugins and annotations
################################################
################################################
# Rules for Capacitor v2 plugins and annotations
# These are deprecated.
# But can still be used with Capacitor for now
################################################
-keep @com.getcapacitor.NativePlugin public class * {
@com.getcapacitor.PluginMethod public <methods>;
}
################################################
# Rules for Capacitor v2 plugins and annotations
# These are deprecated.
# But can still be used with Capacitor for now
################################################
###########################
# Rules for Cordova plugins
###########################
-keep public class * extends org.apache.cordova.* {
public <methods>;
public <fields>;
}
###########################
# Rules for Cordova plugins
###########################
################################################
# Note! this rules add if you use Huawei Plugins
# HMS Settings
################################################
-ignorewarnings
-keepattributes *Annotation*
-keepattributes Exceptions
-keepattributes InnerClasses
-keepattributes Signature
-keep class com.huawei.hianalytics.**{*;}
-keep class com.huawei.updatesdk.**{*;}
-keep class com.huawei.hms.**{*;}
-repackageclasses
################################################
# Note! this rules add if you use Huawei Plugins
# HMS Settings
################################################
NOTE đ
Remember to check if any other package you use in your project has notes about another rule you must bed. Because use the proguard-rules.pro may break your app if you don't pay attention or omit those rules the author of the package gives you.
Rooted Device Checking
You can achieve these by using the Diagnostic Plugin to check if the device is rooted. Keep in mind that have many other functions if you want to check it.
Detect Jailbreak Phone
Another layer will be to use some library to check if your app is launched on an insecure OS like Jailbreak. I found this library to help prevent the Jailbreak and the documentation for setting it up.
Top comments (1)
Great tips. As I'm starting to check similar possible security enhancements in my app, your post fits like a glove.