Obfuscate builds before releasing apps

Obfuscating builds is one of those things that I didn’t pay attention to (and wasn’t even aware of) when I first started learning how to develop Android apps. I thought all I had to do was upload a release build of my app to the Google Play Developer Console and I was done.

Obfuscating builds is a straightforward process, but there are a few things that I learned during my client projects that weren’t obvious to me.

Obfuscate your app early in the development cycle

Most of my client work involves regularly releasing builds incrementally as an alpha release to the Google Play Store. Some people say that you can wait and obfuscate your builds just before you release to production, but it’s better if you do this early in the development cycle.

This is because it can be difficult to figure out what didn’t obfuscate properly later in the development cycle when the codebase is larger. Doing this early allows you to catch any issues with obfuscation while the codebase is small, and then incrementally as it grows.

Obfuscating builds is really easy. Just set minifyEnabled to true and point the build at your ProGuard files with the appropriate rules.

Configuring ProGuard rules is another subject, so I’ll skip that in this blog post.

Upload your mapping files along with your obfuscated builds

When you upload your APK to the Google Play Developer Console, upload your mapping file after you release your build. If you’re using something like Firebase Crash Reporting, you should upload your mapping file there as well. This will allow you to see where in the code the app crashed if a crash does happen.

The mapping file can be found at app/build/outputs/mapping/{build_name}/mapping.txt.

Set SerializedName to your POJO attributes

If your app is backed by an API and you’re using Gson (the default with Retrofit, which you’re probably using) to map your API JSON responses to your POJOs, you want to define @SerializedName on the fields of your class.
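As an added illustration (not the original post's snippet; the class names, field names and JSON are constructed for the example), the code below stands in for an obfuscated build by renaming the fields to a and b by hand, then parses the same response with and without @SerializedName:

```java
import com.google.gson.Gson;
import com.google.gson.annotations.SerializedName;

public class SerializedNameDemo {

    // A POJO as it effectively looks once the obfuscator has renamed its fields
    // (renaming simulated by hand). Without an annotation Gson uses the field
    // name as the JSON key, so it looks for "a" and "b" in the response.
    static class UserWithoutAnnotations {
        int a;      // was: id
        String b;   // was: displayName
    }

    // The same renamed fields, but each JSON key is pinned by @SerializedName,
    // so the mapping no longer depends on what the field is called.
    static class User {
        @SerializedName("id")
        int a;

        @SerializedName("display_name")
        String b;
    }

    public static void main(String[] args) {
        // Constructed sample API response.
        String json = "{\"id\": 42, \"display_name\": \"Ada\"}";
        Gson gson = new Gson();

        // No key matches "a" or "b": Gson ignores the unknown keys and the
        // fields keep their default values, with no exception to warn you.
        UserWithoutAnnotations broken = gson.fromJson(json, UserWithoutAnnotations.class);
        System.out.println("without annotations: a=" + broken.a + ", b=" + broken.b);

        // The annotated class is populated from "id" and "display_name".
        User ok = gson.fromJson(json, User.class);
        System.out.println("with @SerializedName: a=" + ok.a + ", b=" + ok.b);
    }
}
```

Because the unannotated case fails silently rather than throwing, it tends to surface as empty screens or null values in the release build only, which is another reason to test obfuscated builds early.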

Something like the above will suffice. The reason for this is that when you turn on obfuscation, those field names will be renamed to something like “a”, and then Gson’s Java to JSON mapping will fail. Thus, you need to provide @SerializedName on every field you use for JSON serialization, with the name of the JSON property that needs to map to your POJO.