
Obfuscate The App Code

If you are ready to submit your app to the Amazon Appstore, consider obfuscating your app's code using a tool such as ProGuard. Obfuscation modifies your source and machine code so that it is difficult for a human to understand if someone with malicious intentions decompiles your app. If you are concerned about your app being reverse engineered, using a tool to obfuscate your code can help mitigate this threat.

IAP and code obfuscation

When you obfuscate your code, you need to ensure that In-App Purchasing API functionality is not affected by code obfuscation. Make sure that your obfuscation program does not obfuscate any class under the com.amazon.* namespace, including method names and identifiers. Your obfuscation program must also preserve annotations.

In Gradle 3.4.0 and higher, Android Studio applies optimization through the R8 compiler. (See Shrink, obfuscate, and optimize your app for details.)

  1. Upgrade your Android Gradle plugin to version 3.6.0 or higher. See Update the Android Gradle plugin for details.
  2. Use the following ProGuard rules:

    -dontwarn com.amazon.**
    -keep class com.amazon.** {*;}
    -keepattributes *Annotation*
    

See ProGuard for detailed instructions on applying the rules.

ProGuard

This section describes how to obfuscate your code using ProGuard, which is a code obfuscation tool provided as part of the Android SDK (and Android Studio prior to Gradle 3.4.0). ProGuard shrinks, optimizes, and obfuscates your source code.

Note that the IAP API is compatible with ProGuard versions v4.7 or later.

To set up code obfuscation for your IAP-enabled project:

  1. Edit your project's build.properties file to enable ProGuard. If your project does not already include a build.properties file, create a blank text file with this name.

Add the following line to the build.properties file to enable ProGuard:

    proguard.config = <relative or absolute path to proguard.cfg file>

Note: You should base your configurations on the sample Android application file found in the ProGuard configuration examples.

  2. Edit your proguard.config file to configure obfuscation for your app:

  3. Specify classes in your code to block from obfuscation. Add the following lines to your file:

    -dontwarn com.amazon.**
    -keep class com.amazon.** {*;}
    -keepattributes *Annotation*

  4. Specify the number of optimization passes for ProGuard to make. Depending on your app's requirements and planned usage, choose either one or no optimization passes:
    • Add the following line to specify one optimization pass:
      -optimizationpasses 1
    • Add the following line if you want to completely skip optimization:
      -dontoptimize

      As a best practice, at the very least, perform a -dontoptimize -dontobfuscate pass to strip out any transient dependencies from your app.

  5. Remove any other flags dealing with optimization and any flags that might conflict with the settings that you just specified.
  6. Build your app in release mode.

Because ProGuard is integrated with Android's build system, you do not have to manually invoke ProGuard. If you've set up your proguard.cfg and build.properties files as described, ProGuard will automatically run when you build your app in release mode.
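One way to confirm after a release build that the keep rules above took effect, shown as an added example rather than code from Amazon or ProGuard: the script reads the mapping.txt file that the obfuscator writes and reports any class or member under com.amazon.* that was renamed. It assumes the usual ProGuard/R8 mapping layout; the sample mapping is constructed and com.amazon.example.HypotheticalHelper is a made-up class.

```python
import re
import sys

# Constructed sample mapping.txt (not a real build); HypotheticalHelper is a made-up class.
SAMPLE_MAPPING = """\
# compiler: R8
com.example.shop.CartActivity -> a.a:
    int itemCount -> a
    1:3:void onCreate(android.os.Bundle):20:22 -> onCreate
com.amazon.device.iap.PurchasingService -> com.amazon.device.iap.PurchasingService:
    1:1:void registerListener(android.content.Context,com.amazon.device.iap.PurchasingListener):40:40 -> registerListener
com.amazon.example.HypotheticalHelper -> b.c:
    java.lang.String tag -> a
    void log(java.lang.String) -> b
"""

CLASS_RE = re.compile(r"^(\S+) -> (\S+):$")            # original -> obfuscated:
MEMBER_RE = re.compile(r"^\s+(.*\S)\s+->\s+(\S+)$")    # indented member line

def member_name(signature):
    """Bare name from '1:3:void onCreate(android.os.Bundle):20:22' or 'int itemCount'."""
    head = signature.split("(")[0]       # drop arguments and trailing line info
    name = head.split()[-1]              # drop type and leading line range
    return name.rsplit(".", 1)[-1]       # drop class qualifier on inlined members

def renamed_in_namespace(mapping_text, prefix="com.amazon."):
    """Return (original, obfuscated) pairs under `prefix` whose names changed."""
    findings, current = [], None
    for line in mapping_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                     # blank line or mapping comment
        cls = CLASS_RE.match(line)
        if cls:
            original, obfuscated = cls.groups()
            current = original if original.startswith(prefix) else None
            if current and original != obfuscated:
                findings.append((original, obfuscated))
            continue
        member = MEMBER_RE.match(line)
        if member and current:
            name = member_name(member.group(1))
            if name != member.group(2):
                findings.append((f"{current}#{name}", member.group(2)))
    return findings

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_MAPPING
    for original, obfuscated in renamed_in_namespace(text):
        print(f"RENAMED {original} -> {obfuscated}")
```

An empty result means every com.amazon.* entry in the mapping kept its original name; any RENAMED line points to a keep rule that was not applied to the release build.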


Last updated: Jan 03, 2022