Obfuscate The App Code

If you are ready to submit your app to the Amazon Appstore, consider obfuscating your app's code using a tool such as ProGuard. Obfuscating your code modifies your source and machine code to be difficult for a human to understand if someone with malicious intentions de-compiles your app. If you are concerned about your app being reverse engineered, using a tool to obfuscate your code can help mitigate this threat.

Excluding IAP from Code Obfuscation

When you obfuscate your code, you need to ensure that In-App Purchasing API functionality not affected by code obfuscation. Make sure that your obfuscation program does not obfuscate any class under the com.amazon.* namespace, including method names and identifiers. Your obfuscation program must also preserve annotations.


This section describes how to obfuscate your code using ProGuard, which is a code obfuscation tool that is provided as part of the Android SDK (and Android Studio prior to Gradle 3.4.0). ProGuard shrinks, optimizes, and obfuscates your source code.

Note that the IAP API is compatible with ProGuard versions v4.7 or later.

Because the In-App Purchasing (IAP) API relies on certain methods being available to call and provide information about a purchase request, these methods should not be obfuscated. If these methods are obfuscated and renamed, Amazon will not be able to communicate with your app. Using ProGuard as an obfuscation tool, this section discusses how to obfuscate your code that implements the IAP API so that Amazon can still communicate with your app.

To set up code obfuscation for your IAP-enabled project:

  1. Edit your project's build.properties file to enable Proguard. If your project does not already include a build.properties file, create a blank text file with this name.

Add the following line to the build.properties file to enable Proguard:

proguard.config = <relative or absolute path to proguard.cfg file>

Note: You should base your configurations on the sample Android application file found in the ProGuard configuration examples.

  1. Edit your proguard.config file to configure obfuscation for your app:

  2. Specify classes in your code to block from obfuscation. Add the following lines to your file:
    -dontwarn com.amazon.**
    -keep class com.amazon.** {*;}
    -keepattributes *Annotation*
  3. Specify the number of optimization passes for ProGuard to make. Depending on your app's requirements and planned usage, choose either one or no optimization passes:
    • Add the following line to specify one optimization pass:
      -optimizationpasses 1
    • Add the following line if you want to completely skip optimization:

      As a best practice, at the very least, perform a -dontoptimize -dontobfuscate pass to strip out any transient dependencies from your app.

  4. Remove any other flags dealing with optimization and any flags that might conflict with the settings that you just specified.
  5. Build your app in release mode.

Because ProGuard is integrated with Android's build system, you do not have to manually invoke ProGuard. If you've set up your proguard.cfg and build.properties files as described, ProGuard will automatically run when you build your app in release mode.