Obfuscate The App Code

If you are ready to submit your app to the Amazon Appstore, consider obfuscating your app’s code. Obfuscating your code modifies your source and machine code to be difficult for a human to understand if someone with malicious intentions de-compiles your app. If you are concerned about your app being reverse engineered, using a tool to obfuscate your code can help mitigate this threat.

Code Obfuscation Tools

You will need a separate tool to obfuscate your code. ProGuard is easily available as part of the Android SDK, but other obfuscation tools are available.


In addition to implementing the IAP API in your app, you will need a code obfuscation tool to obfuscate your app’s code. This page describes how to obfuscate your code using ProGuard, which is a code obfuscation tool that is provided as part of the Android SDK. ProGuard shrinks, optimizes, and obfuscates your source code.

If you are already using ProGuard, make sure that the version you are using is the latest released version. The IAP API is not compatible with versions of ProGuard that are earlier than v4.7.

Other Code Obfuscation Tools

If you are using a tool other than ProGuard for code obfuscation, you still need to ensure that In-App Purchasing API functionality is preserved. Make sure your program does not obfuscate any class under the com.amazon.* namespace, including method names and identifiers. Your obfuscation program must also preserve annotations.

Set Up Code Obfuscation for Your Project

Because the In-App Purchasing (IAP) API relies on certain methods being available to call and provide information about a purchase request, these methods should not be obfuscated. If these methods are obfuscated and renamed, Amazon will not be able to communicate with your app. Using ProGuard as an obfuscation tool, this section discusses how to obfuscate your code that implements the IAP API so that Amazon can still communicate with your app.

To set up code obfuscation for your IAP-enabled project:

  1. Edit your project’s build.properties file to enable Proguard. If your project does not already include a build.properties file, create a blank text file with this name.

Add the following line to the build.properties file to enable Proguard:

proguard.config = <relative or absolute path to proguard.cfg file>

Note: You should base your configurations on the sample Android application file found in the ProGuard configuration examples.

  1. Edit your proguard.config file to configure obfuscation for your app:

  2. Specify classes in your code to block from obfuscation. Add the following lines to your file:

    `-dontwarn com.amazon.**`
    `-keep class com.amazon.** {*;}`
    `-keepattributes *Annotation* `
  3. Specify the number of optimization passes for ProGuard to make. Depending on your app’s requirements and planned usage, choose either one or no optimization passes:
    • Add the following line to specify one optimization pass:
      -optimizationpasses 1
    • Add the following line if you want to completely skip optimization:

      As a best practice, at the very least, perform a -dontoptimize -dontobfuscate pass to strip out any transient dependencies from your app.

  4. Remove any other flags dealing with optimization and any flags that might conflict with the settings that you just specified.
  5. Build your app in release mode.

Because ProGuard is integrated with Android’s build system, you do not have to manually invoke ProGuard. If you’ve set up your proguard.cfg and build.properties files as described, ProGuard will automatically run when you build your app in release mode.