Description
ProGuard rules use -keep class ... { *; } for entire packages, which prevents code shrinking and obfuscation. This increases APK size and makes reverse engineering easier.
Problem Location
proguard-rules.pro - Multiple overly broad rules:
-keep class com.fasterxml.jackson.** { *; }
-keep class org.json.** { *; }
-keep class okhttp3.** { *; }
-keep class org.flossware.jnexus.** { *; }
-keep class androidx.compose.** { *; }
Impact
- APK size: Keeps unused code that could be removed
- Security: No obfuscation makes reverse engineering easier
- Performance: Larger APK = slower download/install
Better Approach
Keep only what's needed:
# Keep only jnexus data models (they're used via reflection/serialization)
-keep class org.flossware.jnexus.RepoRecord { *; }
-keep class org.flossware.jnexus.ComponentMetadata { *; }
-keep class org.flossware.jnexus.SearchCriteria { *; }
-keep class org.flossware.jnexus.RepositoryStats { *; }
# Keep Jackson annotations
-keepattributes *Annotation*
-keep class com.fasterxml.jackson.annotation.** { *; }
# OkHttp - only keep what's needed for reflection
-dontwarn okhttp3.**
-dontwarn okio.**
# Compose - usually doesn't need explicit keeps in modern versions
-dontwarn androidx.compose.**
Testing
After changing rules:
- Build release APK
- Test all features (especially JSON serialization)
- Compare APK sizes (expect 10-30% reduction)
- Use APK Analyzer to verify shrinking worked
Description
ProGuard rules use
-keep class ... { *; }for entire packages, which prevents code shrinking and obfuscation. This increases APK size and makes reverse engineering easier.Problem Location
proguard-rules.pro - Multiple overly broad rules:
Impact
Better Approach
Keep only what's needed:
Testing
After changing rules: