1

I am using proguard in my project . It is obfuscating all the java code . But it is not obfuscating anything in strings.xml .

I have some sensitive information in strings.xml .

How can I make proguard to obfuscate the content in strings.xml ? Do I need to write any specific rule ?

mW3
  • 107
  • 18

3 Answers3

1

ProGuard can't obfuscate strings.xml. You can use other software to obfuscate your file like DexGuard. You can get more info here.

FedeFonto
  • 314
  • 3
  • 12
0

It will not obfuscate string.xml file. If you will rename your .apk file with .zip and extract the zip folder then you will get all the resources. There are a couple of ways to store sensitive data in Android.

  1. Store in gradle file and you can access it by using BuildConfig.
  2. Put it in java class file.
  3. Put it in C/C++ file and access that using NDK // Recommended, hard to reverse engineer the values.
  4. put it in the string.xml file in encrypted format and access whenever required.
Basi
  • 2,675
  • 19
  • 28
Rajiv Ranjan
  • 253
  • 3
  • 12
  • 1
    all strings contained in .so files will be clearly visible in the library's `[TEXT]` block so thats not the best solution either. it will stop students from peeking into your data, but won't stop real reverse engineers (aka "professionals") – Shark May 10 '19 at 11:08
  • I am agree with you on this. You might also split key string in few parts and keep them in various places and you can create an algorithm to fetch the constants from jni files. – Rajiv Ranjan May 10 '19 at 11:14
-1

Better to use NDK to store your sensitive data. Proguard

Aditya Singh
  • 23
  • 4