DEV Community

Diven Rastdus
Diven Rastdus

Posted on • Originally published at astraedus.dev

R8 Minification Silently Killed My Android App's Core Feature (And Tests Didn't Catch It)

#android #kotlin #cicd #testing

My CI pipeline was green. Unit tests passed. The APK built and signed without errors. I installed it on my Pixel 3. The app launched, looked perfect.

Then I tried to use it. Nothing happened.

No crash. No error dialog. No logcat stacktrace. The app's entire core feature was just... gone. Like someone had hollowed it out and left the shell.

What I was building

Nudge is an open-source Android app blocker. You pick the apps you waste time on and set a delay (say, 30 seconds). Nudge forces you to wait before opening them.

It uses three Android system APIs that require special permissions:

  • AccessibilityService to detect which app is in the foreground
  • SYSTEM_ALERT_WINDOW to draw the delay countdown overlay
  • PACKAGE_USAGE_STATS to track daily screen time per app

The debug build worked flawlessly. I'd been testing it for weeks. The release build was supposed to be the same thing, just signed and minified.

It was not the same thing.

The 2MB red flag I ignored

Here's what the release APK looked like:

debug APK:   12.4 MB
release APK:  2.1 MB
Enter fullscreen mode Exit fullscreen mode

I should have questioned that 83% size reduction. Instead, I thought "wow, R8 really does its job." It did its job too well.

R8 is Android's default code shrinker and optimizer. It removes unused classes, inlines methods, renames symbols, and strips dead code. For most apps, it's free performance. For apps that rely on system-level callbacks, it's a silent killer.

What R8 actually stripped

R8 analyzed my code's call graph and decided several things were "unused":

  1. NudgeAccessibilityService - The Android system instantiates this class by reading the manifest. R8 doesn't know that. It saw no new NudgeAccessibilityService() in the code, so it stripped it.

  2. BlockOverlayActivity - Launched via an explicit Intent constructed at runtime. R8 traced the static references but couldn't follow the dynamic class resolution.

  3. Hilt entry points - Dagger/Hilt uses annotation processing and reflection to wire dependencies. R8 stripped the interfaces that Hilt's generated code needs at runtime.

The result? The app installed. The UI rendered. But the AccessibilityService never registered with the system. No foreground app detection. No overlay. No blocking. The app was a beautiful, non-functional shell.

Why tests didn't catch it

This is the part that stung. I had tests. They passed.

# From our GitHub Actions workflow
- name: Run tests
  run: ./gradlew test

- name: Build release APK
  run: ./gradlew assembleRelease
Enter fullscreen mode Exit fullscreen mode

The problem: ./gradlew test runs against the debug build variant. The release build with R8 is a completely different artifact. My tests verified the debug build worked. Then CI built a release APK that was structurally different.

This is equivalent to testing your code on localhost and deploying a Docker image built with different flags. The artifact you tested is not the artifact you shipped.

The fix (and why I didn't just add ProGuard rules)

The obvious fix is ProGuard keep rules:

# AccessibilityService instantiated by the system via manifest
-keep class com.astraedus.nudge.service.NudgeAccessibilityService { *; }

# Overlay activity launched via Intent
-keep class com.astraedus.nudge.ui.overlay.BlockOverlayActivity { *; }

# Hilt entry points use reflection
-keep interface com.astraedus.nudge.service.NudgeAccessibilityService$NudgeAccessibilityEntryPoint { *; }
Enter fullscreen mode Exit fullscreen mode

I wrote these rules. Then I disabled R8 entirely.

buildTypes {
    release {
        isMinifyEnabled = false
        signingConfig = signingConfigs.getByName("release")
    }
}
Enter fullscreen mode Exit fullscreen mode

Why? Nudge has zero internet permission. There's no network call to intercept, no API key to extract, no proprietary algorithm to reverse-engineer. The source code is public on GitHub. Minification was adding build complexity and production risk for zero security benefit.

ProGuard rules are the right answer for apps that need obfuscation. For open-source apps with system-level APIs, the risk-reward math doesn't work out. Every new service class or Hilt module becomes a potential R8 landmine unless you maintain the keep rules in lockstep.

What I should have done differently

1. Test the release build, not just the debug build.

- name: Run tests against release variant
  run: ./gradlew testReleaseUnitTest

- name: Build and install release APK on emulator
  run: |
    ./gradlew assembleRelease
    adb install app/build/outputs/apk/release/app-release.apk
    # Smoke test: verify the accessibility service registers
    adb shell dumpsys accessibility | grep -q "NudgeAccessibilityService"
Enter fullscreen mode Exit fullscreen mode

This would have caught the stripped service in CI before it reached a device.

2. Treat APK size deltas as a signal.

A debug-to-release size reduction of more than 50% warrants investigation. R8 removing 83% of your APK means it's removing a lot of code it thinks is dead. Some of it might not be.

3. Verify system service registration in your test suite.

For any Android app that uses AccessibilityService, NotificationListenerService, or DeviceAdminReceiver, add a test that verifies the service appears in the system's service list after installation. These services fail silently when missing.

Bonus: the permission disclosure pattern

Getting Google Play to approve an app with QUERY_ALL_PACKAGES, AccessibilityService, and SYSTEM_ALERT_WINDOW is its own adventure. Google's review team needs to see explicit in-app disclosure of what each permission does and why.

Here's the pattern I used in the onboarding flow:

@Composable
private fun PermissionCard(
    icon: ImageVector,
    title: String,
    description: String,
    onClick: () -> Unit
) {
    Card(
        modifier = Modifier.fillMaxWidth(),
        onClick = onClick
    ) {
        Row(modifier = Modifier.padding(16.dp)) {
            Icon(icon, contentDescription = null)
            Spacer(Modifier.width(12.dp))
            Column {
                Text(title, style = MaterialTheme.typography.titleSmall)
                Text(description, style = MaterialTheme.typography.bodySmall)
            }
        }
    }
}
Enter fullscreen mode Exit fullscreen mode

Each card explains what the permission accesses, why, and explicitly states what it does NOT do:

"Detects which app is in the foreground so Nudge can trigger your block rules. Does not read your messages, keystrokes, or screen content."

The "does not" part matters. Google's review checks for proactive privacy disclosure, and users are (rightly) suspicious of AccessibilityService apps.

The takeaway

R8 minification is not compression. It's a code transformation that decides what your app needs at runtime. When those decisions are wrong, nothing crashes. Nothing logs an error. The feature just doesn't exist.

If your Android app uses system callbacks (AccessibilityService, ContentProvider, BroadcastReceiver registered in manifest), either maintain ProGuard rules religiously or ask yourself whether minification is earning its keep.

And whatever you do: test the artifact you ship, not the artifact you develop against. That gap is where bugs like this live.

Nudge is open source: github.com/astraedus/nudge

Top comments (0)