Menu Close Back

ProGuard vs. DexGuard

ProGuard vs. DexGuard

You may be familiar with ProGuard, an open source optimizer created by Guardsquare founder and CTO Eric Lafortune. But if you’re building Android apps and are interested in advanced protection and security features, you may want to consider DexGuard.

At their core, the biggest difference between the products is this: ProGuard is a generic optimizer for Java bytecode, while DexGuard provides advanced protection for Android applications

In this blog, you will find an overview of the differences between ProGuard and DexGuard.

Quick Compare: ProGuard vs. DexGuard

DexGuard is based on ProGuard, which is why it’s so easy to upgrade to DexGuard. DexGuard contains all ProGuard features and many more significant additional features —particularly on the security front. Below is a side-by-side comparison of the key aspects of both products:

proguard v dexguard comparison table
 

Deeper Dive: ProGuard vs. DexGuard

While the high-level details of ProGuard and DexGuard are laid out above, there are more in-depth benefits to be discussed. In the FAQ below, we explore the differences between ProGuard and DexGuard in more detail, including reasons why each product may suit different needs within a software engineering team’s project lineup.

Q. What should I use each tool for?

A. ProGuard is a generic optimizer for Java bytecode. DexGuard is a specialized tool for the protection of Android applications.

ProGuard is a versatile optimizer for Java bytecode. It enables you to shrink, optimize and obfuscate desktop applications, embedded applications, and mobile Android applications.

DexGuard, on the other hand, is specifically designed to protect and optimize Android applications. Mobile applications are often used in distributed and quickly-evolving environments -- DexGuard provides multilayer protection adapted to these use cases. In addition, DexGuard offers functionality to utilize the Android platform efficiently. It comes with a tuned configuration for the Android runtime and for common libraries (Google Play Services, Dagger, Realm, SQLCipher etc.) and automatically splits DEX files that exceed the size limits imposed by the format (MultiDex).

Q. What do they each protect against?

A. ProGuard offers basic protection against static analysis. DexGuard protects applications against static and dynamic analysis, as well as attacks at runtime.

Hackers generally combine two approaches when attempting to reverse engineer an application. They may try to gain access to the source code of the application by using decompilers, which is called static analysis. Malicious actors may also monitor the behavior of applications at runtime, which is called dynamic analysis. Static and dynamic analysis are often used in tandem.

ProGuard offers basic protection against static analysis only.

DexGuard shields applications from both static and dynamic analysis. DexGuard uses a multitude of obfuscation and encryption techniques to harden an app’s source code. It also integrates a series of runtime security mechanisms (RASP) into Android apps. These mechanisms check the integrity of both the application and its environment, enabling the app to react whenever a potential threat is detected.

Q. What security features do these products provide?

A. ProGuard provides minimal obfuscation. DexGuard applies multiple layers of encryption and obfuscation and adds runtime security mechanisms (RASP).

Both ProGuard and DexGuard harden the code of applications to shield them from reverse engineering. However, the extent to which they harden the code is different. 

ProGuard offers basic protection in the form of name obfuscation.

DexGuard provides advanced code protection via obfuscation and encryption; it not only obfuscates names of classes, fields, and methods, but also arithmetic and logical expressions in the code and the control flow of the code inside methods. In addition, DexGuard encrypts strings and classes and adds reflection to access-sensitive APIs. 

DexGuard also offers runtime application self-protection (RASP)--which is necessary to protect against dynamic attacks.

In combination, DexGuard’s code protection and RASP function result is a more fully protected application.

Q. What does each product process and protect in an application?

A. ProGuard focuses on the bytecode. DexGuard processes all the components of an application.

ProGuard’s action is restricted to the bytecode of Java applications. In contrast, DexGuard provides 360-degree protection. Besides the Dalvik bytecode, DexGuard optimizes, obfuscates and encrypts manifest files, native libraries, resources, resource files, and asset files.

Q. How much do these tools cost?

A. ProGuard is an open source tool. DexGuard is a commercial, enterprise-grade product.

ProGuard can be downloaded and used free of charge to process commercial and non-commercial applications. All the information needed to set up ProGuard is detailed in the online manual

DexGuard is a commercial product from Guardsquare. With a license, companies can use DexGuard and receive access to a team of experienced Guardsquare engineers to help set up the software. Companies can also opt for an enhanced level of support with faster response times, configuration support and more.