apk混淆打包注意事项

混淆打包搞了好几天才初步了解，其中碰到很多Debug正常，Release的apk不能用，基本都是第三方的jar的问题，所以要排除混淆。

1. Json解析对象出错

用到fastJson或者GJson的apk混淆编码时要加上这句：

-keepattributes Signature

2.百度地图不能用，注意添加下面的语句

-libraryjars libs/baidumapapi_v2_1_0.jar #替换成自己所用版本的jar包
-keep class com.baidu.** { *; }  
-keep class vi.com.gdi.bgl.android.**{*;}

3.融云IM

-keep class io.rong.imkit.** {*;}
-keep class io.rong.imlib.** {*;}
-keepattributes Exceptions,InnerClasses
-dontwarn io.rong.**
-keep class io.rong.** {*;}
-keep public class com.yourpackage.R** {*;} #自己的包名
-keep class *.R$ { *; } 

4.保持自定义的View不混淆

-keepclasseswithmembers class * {            # 保持自定义控件类不被混淆  
    public <init>(android.content.Context, android.util.AttributeSet);  
}  
  
-keepclasseswithmembers class * {            # 保持自定义控件类不被混淆  
    public <init>(android.content.Context, android.util.AttributeSet, int);  
}

可以把自定义的View放入一个包。然后排除掉这个包。

5.其他第三方的jar包

-dontwarn org.apache.http.**
-keep class org.apache.http.**  {*;}
-dontwarn com.ant.liao.**
-keep class com.ant.liao.**  {*;}
-dontwarn org.json.**
-keep class org.json.**  {*;}
-dontwarn pl.droidsonroids.gif.**
-keep class pl.droidsonroids.gif.**  {*;}
-dontwarn com.cmcc.analytics.**
-keep class com.cmcc.analytics.**  {*;}
-keep class android.**  {*;}

6.Log文件

-assumenosideeffects
class android.util.Log
 {
    public static ***
 e(...);
    public static ***
 w(...);
    public static ***
 wtf(...);
    public static ***
 d(...);
    public static ***
 v(...);

7.还有就是自定义的实体类，bean或者Entity。因为它们基本都是序列化的。

我的体会：序列化和用到反射机制的都不能混淆。

这篇文章有一个比较好的版本Android 混淆打包标准proguard 配置

# To enable ProGuard in your project, edit project.properties
# to define the proguard.config property as described in that file.
#
# Add project specific ProGuard rules here.
# By default, the flags in this file are appended to flags specified
# in ${sdk.dir}/tools/proguard/proguard-android.txt
# You can edit the include path and order by changing the ProGuard
# include property in project.properties.
#
# For more details, see
#   http://developer.android.com/guide/developing/tools/proguard.html

# Add any project specific keep options here:

# If your project uses WebView with JS, uncomment the following
# and specify the fully qualified class name to the JavaScript interface
# class:
#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
#   public *;
# 指定代码的压缩级别
-optimizationpasses 5
# 是否使用大小写混合
-dontusemixedcaseclassnames
# 是否混淆第三方jar
-dontskipnonpubliclibraryclasses
# 混淆时是否做预校验
-dontpreverify
# 混淆时是否记录日志
-verbose
# 混淆时所采用的算法
-optimizations !code/simplification/arithmetic,!field/*,!class/merging/*
#-ignorewarnings

-libraryjars libs/android-support-v4.jar
-libraryjars libs/baidumapapi_v3_0_0.jar
-libraryjars libs/commons-codec.jar
-libraryjars libs/commons-httpclient-3.1.jar
-libraryjars libs/gson-2.2.2.jar
-libraryjars libs/httpmime-4.2.jar
-libraryjars libs/locSDK_3.1.jar
-libraryjars libs/ShareSDK-Core-2.3.9.jar
-libraryjars libs/ShareSDK-QQ-2.3.9.jar
-libraryjars libs/ShareSDK-SinaWeibo-2.3.9.jar

# 保持哪些类不被混淆
-keep public class * extends android.app.Activity
-keep public class * extends android.app.Application
-keep public class * extends android.app.Service
-keep public class * extends android.content.BroadcastReceiver
-keep public class * extends android.content.ContentProvider
-keep public class * extends android.app.backup.BackupAgentHelper
-keep public class * extends android.preference.Preference
-keep public class com.android.vending.licensing.ILicensingService

#gson解析不被混淆
-keep class com.google.**{*;}
-keepclassmembers class * implements java.io.Serializable {
    static final long serialVersionUID;
    private static final java.io.ObjectStreamField[] serialPersistentFields;
    private void writeObject(java.io.ObjectOutputStream);
    private void readObject(java.io.ObjectInputStream);
    java.lang.Object writeReplace();
    java.lang.Object readResolve();
}
##---------------Begin: proguard configuration for Gson  ----------
# Gson uses generic type information stored in a class file when working with fields. Proguard
# removes such information by default, so configure it to keep all of it.
-keepattributes Signature  
# Gson specific classes
-keep class sun.misc.Unsafe {*;}
#-keep class com.google.gson.stream.** {*;}  
# Application classes that will be serialized/deserialized over Gson
-dontwarn com.u14studio.entity.** 
-keep class com.u14studio.entity.**{*;} 
##---------------End: proguard configuration for Gson  ----------
#shareSDK、
-keep class cn.sharesdk.**{*;}
-keep class com.sina.**{*;}
-keep class **.R$* {*;}
-keep class **.R{*;}
-dontwarn cn.sharesdk.**
-dontwarn **.R$*
-keep class m.framework.**{*;}
#shareSDK结束

#百度地图不混淆
-dontwarn com.baidu.** 
-keep class com.baidu.**{*;}
-keep class vi.com.gdi.bgl.android.**{*;}
-keep class android.content.Context.getExternalFilesDirs
-keep public class * extends android.content.Context.getExternalFilesDirs
#百度地图不混淆结束

-dontwarn org.apache.**
-keep class org.apache.**{*;}
-dontwarn android.support-v4.**
-keep class android.support-v4.**{*;}
-dontwarn com.alipay.android.app.**
-keep class com.alipay.android.app.**{*;}

下面就是些闲话了，是自己解决问题时写的记录，也一并留着吧。参照的文章都写上了，谢谢大家的分享。也谢谢QQ群里某位热心人的帮助。

今天遇到一个很奇怪的问题，混淆打包导致的，至今没明白为什么。主要现象是一个实现parcelable的UserBean，数据成员包含一个UserTag的list对象，后者也实现了parcel接口，然后就是利用json与服务器之间传递值。当不设置标签时，一切OK，只要设置标签，就会报错，错误只能定位到这个转化问题。

java.lang.ClassCastException: com.alibaba.fastjson.JSONObject cannot be cast to com.cmcc.wepa.bean.UserTagBean

查看了代码，转化是没有问题的啊

    public void run()
    {
        super.run();
        Message resultMsg = mHandler.obtainMessage();
        HashMap<String, String> param = new HashMap<String, String>();
        param.put("userId", mUserId);
        // 获取返回
        String jsonStr = null;
        // 返回参数
        try
        {
            jsonStr = NetworkManager.getInstance().httpConnectOpt(
                    Constant.URL_USER_GET_INTO, param);
            // 将字符串转换成jsonObject对象
            JSONObject jsonObject = new JSONObject();
            jsonObject = JSONObject.parseObject(jsonStr);
            String result = jsonObject.getString("result");
            LogUtil.d(jsonObject);
            LogUtil.d(result);
            Bundle data = null;
            if (result != null && result.length() != 0)
            {
                // 获取返回参数
                UserBean bean = JSON.parseObject(result, UserBean.class);
                LogUtil.d(bean);
                LogUtil.d(bean.getTags());
                data = new Bundle();
                data.putParcelable("result", bean);
            }

            // 获取返值
            String code = (String) jsonObject.get("code");
            if ("0".equals(code))
            {

                resultMsg.what = 1;
                resultMsg.setData(data);
            } else if ("1".equals(code))
            {

                resultMsg.what = -1;

            }
        } catch (Exception e)
        {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }

 但是不混淆编码或者Debug的包都是好用的，标签一直OK。

难道是parcelable对象之中嵌套parcelable对象成员会有问题吗？还是忘记了什么keep。

mark一下，悬而未决。

其中在$sdk_dir$ oolsproguardproguard-android.txt,里面吧基本的keep都定义好了，工程自己的在proguard-project.txt中定义。

这里原来理解错了吗？看到这篇文说是要把proguard-android.txt中的copy到proguard-project.txt中，个人感觉不用，应该会自动读取，个人验证确实没有影响。

Android代码混淆-添加了Gson遇到的问题

这篇文章则详细介绍了常用的各个字段的意义。Android proguard 详解

折腾了俩天还是没效果，最后参照上面CSDN解决Gson的方法，我的是fastJson，然后可能是Parcel出了问题，加上下面的排除混淆。

-keepclassmembers class * implements android.os.Parcel { public *;}
-dontwarn com.cmcc.wepa.bean.**
-keep class com.cmcc.wepa.bean.**  {*;}
-keepattributes Signature

打包，竟然好用了。还是因为不理解造成很多弯路，哈哈，解决了就好，虽然还是懵懵懂懂的，但有了一些印象。
也就是说实现Parcel或者Seriallizable的对象一定不要混淆，连同它们的接口对象一起排除混淆。大概就是这样。估计一般实体类不混淆。

还有个问题就是必须加上-keepattributes Signature，不加这句我的apk也不好用，有的blog说：
当有注解的时候

1. -keepattributes Signature  
2. -keepattributes *Annotation* 

加上上面两句减少错误。最后还有个总结的还可以的 Android 混淆代码总结
下面给出我的proguard-project.txt

后记：经过N次尝试，发现这句也没有用，去掉后不会报错，不过加上更好吧~呵呵
-keepclassmembers class * implements android.os.Parcel { public *;}
-libraryjars libs/fastjson-1.2.3.jar
其实，最后就是神奇的-keepattributes Signature的作用。不明白的还有很多啊。

# To enable ProGuard in your project, edit project.properties
# to define the proguard.config property as described in that file.
#
# Add project specific ProGuard rules here.
# By default, the flags in this file are appended to flags specified
# in ${sdk.dir}/tools/proguard/proguard-android.txt
# You can edit the include path and order by changing the ProGuard
# include property in project.properties.
#
# For more details, see
#   http://developer.android.com/guide/developing/tools/proguard.html

# Add any project specific keep options here:
# If your project uses WebView with JS, uncomment the following
# and specify the fully qualified class name to the JavaScript interface
# class:

-keepclassmembers class * implements android.os.Parcel { public *;}

# the third-party library
-libraryjars libs/fastjson-1.2.3.jar
-dontwarn net.tsz.afinal.**
-keep class net.tsz.afinal.**  {*;}
-dontwarn com.alibaba.fastjson.**
-keep class com.alibaba.fastjson.** { *; }

-dontwarn com.baidu.**
-keep class com.baidu.**  {*;}
-dontwarn io.rong.**
-keep class io.rong.**  {*;}
-dontwarn org.apache.http.**
-keep class org.apache.http.**  {*;}
-dontwarn com.ant.liao.**
-keep class com.ant.liao.**  {*;}
-dontwarn org.json.**
-keep class org.json.**  {*;}
-dontwarn pl.droidsonroids.gif.**
-keep class pl.droidsonroids.gif.**  {*;}
-dontwarn com.cmcc.analytics.**
-keep class com.cmcc.analytics.**  {*;}
-keep class android.**  {*;}

-dontwarn com.my.bean.**
-keep class com.my.bean.**  {*;}
-keepattributes Signature

-assumenosideeffects
class android.util.Log
 {
    public static ***
 e(...);
    public static ***
 w(...);
    public static ***
 wtf(...);
    public static ***
 d(...);
    public static ***
 v(...);
}