Setup

Mobile Protect can be configured to enable R8 obfuscation/minification for any non-debug gradle module in the project. When enabled, it enables additional optimization and obfuscation compared to the default R8 configuration.

In order to enable static obfuscation, locate the root project gradle file, named either build.gradle or build.gradle.kts (this file will not be located in the app folder, but rather in the one above it), and add the following entry:

Note that this block must come after the plugins section, if present.

Once added, this block will enable R8 obfuscation/minification for any gradle module (except those containing “debug” in their name, or those included in the skipObfuscationFor configuration below).

This completes the setup for Mobile Protect static obfuscation for Android.

Mapping File

Static obfuscation generates a mapping file, which by default can be found in build/app/outputs/mapping/release/mapping.txt (replace release with the name of the build type for other build types).

We strongly recommend including this mapping file in builds submitted to Data Theorem for scanning. See: De-obfuscating Android Scan Results Using A Mapping File

Additional Configuration

The following configuration attributes of MobileProtectPluginConfiguration are supported:

skipObfuscationFor

excludes build types from static obfuscation. Defalts to an empty list. For example:

includeDefaultProguardFile

Enables/disables including the default android proguard rules file. Defaults to true. For example:

enableObfuscation

Enables/disables static obfuscation. Defaults to false. For example:

Other proguard configuration

Mobile Protect will respect any additional proguard/R8 settings in your existing gradle file. For example, one may specify custom pro-guard rules in the usual way: