问题
I am using proguard in my project . It is obfuscating all the java code . But it is not obfuscating anything in strings.xml .
I have some sensitive information in strings.xml .
How can I make proguard to obfuscate the content in strings.xml ? Do I need to write any specific rule ?
回答1:
ProGuard can't obfuscate strings.xml. You can use other software to obfuscate your file like DexGuard. You can get more info here.
回答2:
It will not obfuscate string.xml file. If you will rename your .apk file with .zip and extract the zip folder then you will get all the resources. There are a couple of ways to store sensitive data in Android.
- Store in gradle file and you can access it by using BuildConfig.
- Put it in java class file.
- Put it in C/C++ file and access that using NDK // Recommended, hard to reverse engineer the values.
- put it in the string.xml file in encrypted format and access whenever required.
回答3:
Better to use NDK to store your sensitive data. Proguard
来源:https://stackoverflow.com/questions/56075404/proguard-is-not-obfuscating-strings-xml-in-android