Integrating with Android app hardening frameworks
To further secure your app, consider using one of the many available app hardening frameworks. While it is possible to combine such a framework with our pre-hardened SDKs, this will likely require careful adjustment of the hardening framework's configuration.
Since our SDK is already hardened and obfuscated, any extra obfuscation may result in build failures, typically marked by an "ASM Instrumentation process wasn't able to resolve some classes" error.
Given the wide range of hardening frameworks, we cannot offer integration guides for specific vendors, but the general approach is usually similar across different frameworks.
The hardening framework must not interfere with or modify SDK classes.
The mobile SDK includes a proguard.txt file in the .aar, which contains -keep rules to exclude SDK classes from additional obfuscation. The SDK has non-Unicode classes that can cause build issues if not properly excluded.
Here is an example of such entries:
-keep class zc.Ѝ { *; }
-keep class zc.Ꭳ { *; }
-keep class zc.ǖ { *; }
...
Your app hardening framework likely offers a similar configuration to exclude classes from obfuscation.
The general approach is as follows:
Extract the proguard.txt file from the .aar.
Identify the non-Unicode -keep entries.
Add a wildcard entry for these classes to your app's hardening framework obfuscation rule file. These classes usually share a common prefix, as in the example above (zc). The corresponding rule in your app's file would be:
-keep class zc.* { *; }
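The three steps above can be scripted. The following is an added example, not tooling shipped with the SDK: it reads proguard.txt from an .aar, picks the -keep entries whose class name contains non-ASCII characters (the entries this page calls non-Unicode), and emits one wildcard rule per package. It assumes proguard.txt sits at the root of the archive and is UTF-8 encoded; the sample archive is constructed in memory and `com.example.sdk.PublicApi` is a hypothetical entry.

```python
import io
import re
import zipfile

# Matches "-keep class <name>" and variants such as "-keep,allowshrinking class <name>".
KEEP_CLASS = re.compile(r"^\s*-keep\S*\s+class\s+([^\s{]+)")


def read_consumer_rules(aar):
    """Step 1: return the text of proguard.txt from an .aar (path or file-like object)."""
    with zipfile.ZipFile(aar) as zf:
        return zf.read("proguard.txt").decode("utf-8")


def wildcard_rules(rules_text):
    """Steps 2 and 3: collapse -keep entries with non-ASCII class names into
    one wildcard rule per package prefix."""
    packages = set()
    for line in rules_text.splitlines():
        match = KEEP_CLASS.match(line)
        if not match:
            continue
        package, _, simple_name = match.group(1).rpartition(".")
        # Only the obfuscated, non-ASCII names need the wildcard treatment.
        if package and not simple_name.isascii():
            packages.add(package)
    return [f"-keep class {p}.* {{ *; }}" for p in sorted(packages)]


def build_sample_aar():
    """Constructed sample: an in-memory .aar that holds only a proguard.txt."""
    rules = "\n".join([
        "-keep class zc.Ѝ { *; }",
        "-keep class zc.Ꭳ { *; }",
        "-keep class zc.ǖ { *; }",
        "-keep class com.example.sdk.PublicApi { *; }",  # hypothetical ASCII entry
    ])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("proguard.txt", rules)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for rule in wildcard_rules(read_consumer_rules(build_sample_aar())):
        print(rule)
```

In ProGuard rule syntax a single `*` does not cross package separators, so the generated rule covers classes directly in the package; review the output before copying it into your hardening framework's rule file.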