1

I am using proguard in my project . It is obfuscating all the java code . But it is not obfuscating anything in strings.xml .

I have some sensitive information in strings.xml .

How can I make proguard to obfuscate the content in strings.xml ? Do I need to write any specific rule ?

Improve this question
4
  • you need to use DexGuard since string obfuscation/encryption is not a ProGuard feature. Commented May 10, 2019 at 10:21
  • ProGuard does not obfuscate the string.xml file Commented May 10, 2019 at 10:24
  • @Basi, my apk contains res folder, but doesn't contain values in it (as well as strings.xml and arrays.xml). Commented Jul 10, 2020 at 8:52
  • See also stackoverflow.com/questions/27548810/…. Commented Jul 10, 2020 at 9:54

3 Answers 3

Reset to default
1

ProGuard can't obfuscate strings.xml. You can use other software to obfuscate your file like DexGuard. You can get more info here.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

It will not obfuscate string.xml file. If you will rename your .apk file with .zip and extract the zip folder then you will get all the resources. There are a couple of ways to store sensitive data in Android.

  1. Store in gradle file and you can access it by using BuildConfig.
  2. Put it in java class file.
  3. Put it in C/C++ file and access that using NDK // Recommended, hard to reverse engineer the values.
  4. put it in the string.xml file in encrypted format and access whenever required.
Improve this answer

2 Comments

all strings contained in .so files will be clearly visible in the library's [TEXT] block so thats not the best solution either. it will stop students from peeking into your data, but won't stop real reverse engineers (aka "professionals")
I am agree with you on this. You might also split key string in few parts and keep them in various places and you can create an algorithm to fetch the constants from jni files.
0

Better to use NDK to store your sensitive data. Proguard

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.