How to prevent piracy of software and protect the source code?
10 minute(s) read
Published on: Jul 30, 2021
Updated on: Dec 14, 2021
It should be noted that one of the problems that always threatens application developers and their designers, even users, is stealing source code and using them in their applications and projects. In this way, they can remove the source code of applications in Android systems. There are methods and solutions that you will learn in this tutorial and talk about to solve this problem. One of these solutions to protect the program's source is to activate ProGuard and R8, which is a new alternative in Android Studio.
What will you learn in this tutorial? They are all as follows:
- How to protect the source of Android applications - What is ProGuard?
- What is ProGuard used to do?
- R8 replaces ProGuard.
- Differences and comparison of ProGuard with R8
- What are the advantages of R8?
- How to activate R8 and ProGuard in Android Studio
- More compression on the R8
- Custom rules in the R8
- All R8 and ProGuard rules
- What are other ways to protect source code?
How to protect the source of Android applications
We use this example to explain this section to you well, and you will understand it better. Consider Reverse Engineering, in which the industry-first produces and uses a piece of hardware. Then other people can use the hardware at a cost and time. In IT, it is also possible, and people can spend money to get and use previously used resources.
We need to compile the Android apps we design to work on the devices. The compiled output of Android resources and applications are in APK or AAB format in Android Studio.
Program code after compiling is no longer the same as before and cannot be read, but it can be returned. Java programs can be easily decompiled by entering the phrase Java decompiler.
We can also decompile Android-designed applications using the JADX tool, free and available in GateHub.
It is also possible to upload the APK file of the program on the GateHub site and then download it decoded. Of course, the version that will be downloaded from JADX after it is decoded cannot be imported into Android Studio, but its libraries and codes are still available.
Of course, it is also worth noting that it is not possible not to leave the code written in Java to be decoded. We must write the code so that readability is reduced and cannot be read. Java code is converted to byte code after being compiled, so it is easier to decode than native code.
Bad things or thefts that can happen this way are for someone to decompile your program, design a program like yours, and then sell it in the market under their name.
What is ProGuard?
Look at the contents of the build.gradle (Module: App) file to see if there is a block by default, such as the following:
Activating ProGuard in Android is very simple and can be easily activated. Note that ProGuard is in the Gradle system build, and we do not need to reinstall them. Set the value of false to minifyEnabled by default. These changes are used to enable or disable Proguard when compiling the project. If we assign a true value to it, activating Proguard will have its tasks when taking output.
What is ProGuard used for?
If we enable ProGuard in the projects we have designed in Android Studio when compiling the code, it performs three operations, which are as follows:
This operation is used to rename classes, methods, fields, and other objects with short names or even characters. For example, we can say that this part of the operation can change the class name from Users to a, in this case, in addition to reducing the number of code characters and the final size of the project, but also causes the recognition of the code to some extent. It is difficult for other people, and as a result, they cannot easily recognize them.
This part of the operation also removes all classes, fields, features, and variables that are not used when compiling the program, which ultimately reduces the volume of programs and speeds up execution. Find.
Code optimization was done in other parts of Prograd, but it should be noted that there is a place to optimize them again or reduce their size. Therefore, in this part of Progard, Java code is optimized and causes their volume to be reduced more than what they are; In other words, the DEX app file size is reduced. Optimizing the codes will make the codes more readable and increase the loading speed.
This is like Minifying Codes in CSS, just as they optimize the code in CSS. In this section, the Java code will be optimized by activating Proguard. In CSS, extra spaces between characters are removed when Minifying, or if we select a background color as #FFFFFF, it will change it to #FFF.
For example, in Java code, we can say that if we define a condition, if I use if / else codes and tags, and Progard is also active and detects that, for example, the else block will not work. It will delete it. Similarly, it can be said that Progard is a feature in Android systems that can reduce the amount of code written APK or AAB or can even increase the download speed by optimizing the code. In other words, Progard can optimize code by up to 50%.
R8 replaces ProGuard.
It is noteworthy that Prograd later created a replacement for itself, which replaces the R8. R8, which replaces Progard, combines other tools with Progard. Progard was replaced by R8 when the Girdle plug-in version 3.4.0 for Android Studio B was available. It was at this time that R8 was used instead of Prograd. Compared to Progard, R8 acts so that it increases the percentage of code reduction if it can be said that it reduces the percentage of code more. It also increases the loading speed.
What are the advantages of R8?
There are some of the most important reasons why Google R8 replaces Progard, including the most important ones:
- More optimization:
Let's compare R8 and Progard in terms of optimization. We will see that R8 has more optimization and minification than R8, eventually leading to more compression of the final file and APK output. Based on the tests that have been done, it can be said that R8 can compress files and projects up to 70%, which is a very good number, which makes 70% of the project more compact and concise. As you know, being more compact can reduce its volume, and even the number and amount of code inserted will be reduced; Readability also decreases, and other people cannot easily understand and understand the code with high readability.
- More compatibility with Kotlin:
Since Kotlin is a popular language that Android Studio also supports, it has become necessary to use this language. The R8 also has this feature and can do more optimizations.
- Better output:
Better output of R8 over Progard is another reason R8 is superior to Progard.
How to activate R8 and ProGuard in Android Studio
In what we said above, we told you about the details of R8 and Progard, now it is better to create a project to study its results and effects. We will examine before and after activating Program and similar cases in this case.
1- We created a new project in Android Studio, and like the previous times, we chose the desired name for it. The preferred name for this project in this tutorial is My Application.
2- The activity that should be selected in this project should be of the Empty Activity type.
3- Select the Java language to continue working on this project.
4- Inside the activity, we define a variable of type String.
5- The code that should be in the MainActivity.java section is as follows:
6- Go to Build - Generate Signed Bundle / APK to finally get an APK output from the project.
7- After the file is created, we change its name to distinguish it from the second output.
8- Then, open the build.gradle (app) file in the project and set the value to true for minifiEnabled inside the release block.
9- We create an APK output of the project. To examine it.
10- After creating the output, we will see that the size of the APK file is 2221 KB at first, and the size of the second file is 1470 KB. Because we have enabled Prograd, the file size will be reduced by about 30%.
11- In addition to reducing the code volume, another task is the responsibility of R8, which is also to obscure the code. Code obfuscation is done to protect the source of the program so that it can no longer be used in other sources. Of course, this also means that when we say that we want to decompile or decode the project, it means that the process of reading the code is more difficult or unreadable.
12- We decompile both APK files online using APK Decompiler.
13- This free and online service uses JADX to decompile the existing decks' files.
14- To do this, select the apk file and click on the Upload and Decompile option to give us the zipped file in a very short time.
15- We do this process for both files.
16- Open the zipped files and check them.
17- The difference between MainActivity class before and after R8 activation is as follows:
In the code above, which shows the changes before and after the R8 is activated or deactivated, you can see that the comment line has been removed from the class.
In addition, the name of the library class has been changed.
The variable that was of type String has been removed because when R8 is activated, it detects that this variable is not needed and deletes it.
The result, or what we got with R8 activation, is that the file size has changed from 425 characters to 275 characters. In addition, the readability of the code has decreased.