Obfuscate your code

What Is Code Obfuscation?

If you are ready to submit your application to Amazon, you might consider obfuscating your code. Obfuscating your code modifies your source and machine code to be difficult for a human to understand if your application gets decompiled. If you are concerned about your application being reverse engineered, using a tool to obfuscate your code can help a great deal.

Mobile Associates API and Code Obfuscation

The Mobile Associates API relies on certain methods being available to call and provide you with information about a purchase request. If these methods get obfuscated and renamed, the Amazon Client will not be able to send information to your application. The following sections will walk you through obfuscating your code integrated with the Mobile Associates API.

Prerequisites

This guide will show you how to obfuscate your code using ProGuard which is available in the Android SDK. You can find more detailed information on Android at http://developer.android.com.

Note: The Android SDK and certain other development tools referenced on this page are provided by third parties, not by Amazon. Our links for these tools will take you to third-party sites for download and installation of the tools.

Setting Up Code Obfuscation for your Project

ProGuard is a code obfuscation tool that is provided as part of the Android SDK. The program shrinks, optimizes, and obfuscates your source code. To enable ProGuard for your Android app, refer to the Android SDK documentation. Make sure to use the latest released version of ProGuard as there is a known issue with pre-4.7 versions of ProGuard and the Mobile Associates API.

You'll need to edit the build.properties file inside of your project, and add the following line (if you don't have this file in your project directory, make one):

proguard.config = <relative or absolute path to proguard.cfg file>

Note: You should base your configurations on the sample Android application file found in the ProGuard configuration examples.

Preventing Obfuscation of Mobile Associates API

When incorporating the Mobile Associates API into your library, you will need to specify classes to 'keep' and not obfuscate. Add the following lines anywhere in your proguard.cfg file.

-dontwarn com.amazon.**
-keep class com.amazon.** {*;}
-keepattributes InnerClasses,*Annotation*

In addition, you will also need to skip Proguard's optimization step.

-dontoptimize

Note: Make sure to remove any other flags dealing with optimization, or any flag that may conflict with the above settings.

Finalizing and Releasing Your App

You do not have to invoke ProGuard manually as it is integrated into the Android build system. Now that you've fully set up your proguard.cfg and build.properties file, ProGuard runs only when you build your application in release mode.

Other Obfuscation Tools

If you are using another program for code obfuscation, to ensure that Mobile Associates API functionality is preserved, make sure your program does not obfuscate any class under the com.amazon.* namespace, including method names and identifiers. Your obfuscation program must also preserve annotations.