January 31, 2024
Discover the nuances between DexGuard and ProGuard – two powerful libraries that can fortify your app against security threats.
Application security, performance, and application size are crucial quality attributes that are frequently overshadowed by functionality, primarily due to additional time and costs. However, these attributes will play a decisive role in determining the success of your application.
Recent decades have witnessed numerous corporate financial losses and scandals following a data or security breach (see this HBR article on the devastating business impacts of a cyber breach). This has elevated security to a top priority for many organizations.
However, as Vanson Bourne’s survey highlights, there’s still significant potential for enhancing security programs and protocols to safeguard public-facing mobile apps against basic attacks and their repercussions. Remarkably, “96% of respondents depend to some degree, if not entirely, on end users’ mobile operating systems for app security.”
Current trends in mobile applications are compelling developers to not only acknowledge the possibility of improvement – a positive step in itself – but also to fully integrate security throughout the development lifecycle, going beyond mere awareness.
Although numerous options exist to enhance mobile app security, such as libraries, processes, and algorithms, this discussion will center on two widely-used libraries: ProGuard and DexGuard.
Going back a few years, right after joining my first Android project, I noticed a couple of files whose purpose wasn’t immediately clear to me: a seemingly magical set of files with the word proguard in their names. I soon realized what they were and what they did in my project. They belong to the configuration of ProGuard, but keep in mind that they can also be used with a similar tool named R8. ProGuard is mainly an open-source Java bytecode shrinker with some security features, and per its manual it performs the following steps:
The Obfuscate step is the most important: it provides a layer of security against reverse engineering, in which ill-intentioned users run disassemblers or decompilers to easily obtain the source code of our applications. With our classes, fields and methods renamed to meaningless names, static reverse engineering (inspecting or parsing code while it isn’t executing) becomes a harder task. This is not a perfect solution, since it doesn’t counter dynamic reverse engineering, but it’s still better to have it than not.
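As an added example (not code from the original article or from Guardsquare), the following build-time check parses the mapping file that ProGuard or R8 writes with `-printmapping` and lists classes, fields and methods in sensitive packages that kept their original names. The package names, the sample mapping and the `kept_names` helper are hypothetical.

```python
# Constructed sample in the mapping.txt format that ProGuard/R8 emit via -printmapping.
SAMPLE_MAPPING = """\
# compiler: R8
com.example.app.MainActivity -> com.example.app.MainActivity:
    android.widget.TextView title -> a
    void onCreate(android.os.Bundle) -> onCreate
com.example.app.auth.TokenStore -> a.a.b:
    java.lang.String secretKey -> a
    void <init>() -> <init>
    1:3:java.lang.String decrypt(byte[]):42:44 -> a
com.example.app.api.LicenseChecker -> com.example.app.api.LicenseChecker:
    boolean isLicensed -> isLicensed
    5:9:boolean verify(java.lang.String):17:21 -> verify
    10:12:boolean verify(java.lang.String):23:25 -> verify
"""

# Hypothetical packages this project considers sensitive.
SENSITIVE = ("com.example.app.auth.", "com.example.app.api.")


def kept_names(mapping_text, sensitive_prefixes=SENSITIVE):
    """Return sorted 'Class' / 'Class#member' entries that were NOT renamed."""
    findings, current = set(), None
    for line in mapping_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment/metadata
        left, sep, right = line.partition(" -> ")
        if not sep:
            continue
        if not line[0].isspace():  # class line: "original -> obfuscated:"
            original, obfuscated = left.strip(), right.rstrip(":")
            current = original if original.startswith(tuple(sensitive_prefixes)) else None
            if current and original == obfuscated:
                findings.add(original)
        elif current:  # member line: "[lines:]type name[(args)][:lines] -> obfuscated"
            name = left.split()[-1].split("(")[0]
            if name == right.strip() and not name.startswith("<"):  # skip <init>/<clinit>
                findings.add(f"{current}#{name}")
    return sorted(findings)


if __name__ == "__main__":
    for entry in kept_names(SAMPLE_MAPPING):
        print("kept original name:", entry)
```

Kept names are expected for entry points such as activities referenced from the manifest; the check is meant for code that should not be covered by a `-keep` rule.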
As Android developers, we must aim to deliver smaller application sizes to our users. Large applications are burdensome to compile and build, and they may be unfeasible for end-users to download if their storage capacity is limited. Every developer should eliminate superfluous code and ideally incorporate a shrinker/optimizer in their projects.
Some known limitations include:
Upon researching ProGuard, you’ll inevitably come across DexGuard, a subscription-based, paid library from Guardsquare, the creators of ProGuard. It builds upon its predecessor’s capabilities, adding the following features according to their documentation (also see these articles: ProGuard vs. DexGuard: An Overview and Mobile Runtime Application Self-Protection (RASP)):
Upgrading from ProGuard to DexGuard is easy, since the former’s configuration files can be used with the latter. The main caveat is that DexGuard, being a commercial product, requires a paid subscription. This might seem like a big issue until you take into account that the cost of proper security measures is far less than that of fixing a vulnerability or dealing with a leak of information. With your subscription you also gain access to personalized support (offered in two tiers based on needs) covering implementation, bugs, configuration optimization, and project-specific support.
Some known limitations include:
Having compared DexGuard and ProGuard, now we can tackle the main question: which should I use in my project? A couple of questions should be answered before choosing one: