How to upgrade from ProGuard to DexGuard

How to upgrade from ProGuard to DexGuard

In one of our previous blog posts, we zoomed in on the differences between ProGuard and DexGuard. Now it is time to have a look at what you need to do once you have decided to upgrade to DexGuard. The good news is that transitioning from ProGuard to DexGuard is straightforward. You won't have to hire expensive consultants to get the software to work, you won't even have to reconfigure your build system. You can start from your existing ProGuard configuration and implement DexGuard's additional layers of protection in a series of consecutive steps.

1) Start from your existing ProGuard configuration

DexGuard is backward compatible with ProGuard. You can re-use your existing ProGuard configuration file and get started with DexGuard. Since DexGuard processes all the components of your Android application (and not just the bytecode), you will have to add some keep rules to correctly preserve the libraries, resources, resource files and assets that are used by reflection. The actual time needed to configure DexGuard depends on the amount of reflection in your code and can vary from a couple of hours to three days at the most.

2) Harden your application 

At this point, DexGuard will only provide basic obfuscation (name obfuscation). To make use of DexGuard's advanced code hardening capabilities, you will have to identify the components (classes, strings, assets etc.) of your application that need additional protection and obfuscate or encrypt them with a few configuration options. Successful implementation requires some trial and error. Small projects can be configured in three days or less; projects with many external libraries can take up to five days to configure.

3) Set up DexGuard's runtime protection

DexGuard integrates various runtime self-protection mechanisms into your Android application to protect it from dynamic analysis and live attacks. To make use of DexGuard's runtime protection, you need to implement a few simple API calls from your application. Do not forget to harden these calls with DexGuard's static protection. Setting up the runtime protection mechanisms takes one to two days.

implementation time indication for proguard to dexguard upgrade

Support available!

  • DexGuard comes with a tuned configuration for the Android Runtime.
  • DexGuard performs automatic instrumentation of code at runtime to account for some amount of reflection. This will help you to set up DexGuard more efficiently.
  • The DexGuard documentation outlines a series of best practices to help you protect your Android application.
  • DexGuard comes with working sample projects demonstrating its capabilities.
  • Our security engineers are available to help you solve any technical issue you may encounter.

Protect your Android applications with DexGuard