Search code examples
cordovaproguardcordova-plugin-proguard

Proguard cordova application

The security audit team has asked us run proguard on the Cordova Java code on one of our applications.

We turned on proguard by making the following modifications to our build:

  1. To use ant build project, run android update project -p . -t # --subprojects on platform/android/ folder. That creates build.xml and updates project.properties.

  2. uncomment #proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt in project.properties.

  3. in proguard-project.txt add

    -dontwarn javax.naming.**

    -keepattributes EnclosingMethod

and uncomment

-keepclassmembers class fqcn.of.javascript.interface.for.webview {
public *;
}
  1. Compile by ant release and expect not to get an error.

After we did that we got the following error at run time:

E/AndroidRuntime( 2195): java.lang.RuntimeException: Unable to start activity ComponentInfo{com.somecompany.someapp/com.somecompany.someapp.someapp}: java.lang.RuntimeException: Failed to create webview.
E/AndroidRuntime( 2195): at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2195)
E/AndroidRuntime( 2195): at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2245)
E/AndroidRuntime( 2195): at android.app.ActivityThread.access$800(ActivityThread.java:135)
E/AndroidRuntime( 2195): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1196)
E/AndroidRuntime( 2195): at android.os.Handler.dispatchMessage(Handler.java:102)
E/AndroidRuntime( 2195): at android.os.Looper.loop(Looper.java:136)
E/AndroidRuntime( 2195): at android.app.ActivityThread.main(ActivityThread.java:5017)
E/AndroidRuntime( 2195): at java.lang.reflect.Method.invokeNative(Native Method)
E/AndroidRuntime( 2195): at java.lang.reflect.Method.invoke(Method.java:515)
E/AndroidRuntime( 2195): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:779)
E/AndroidRuntime( 2195): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:595)
E/AndroidRuntime( 2195): at dalvik.system.NativeStart.main(Native Method)
E/AndroidRuntime( 2195): Caused by: java.lang.RuntimeException: Failed to create webview.
E/AndroidRuntime( 2195): at org.a.a.w.a(Unknown Source)
E/AndroidRuntime( 2195): at org.a.a.e.e(Unknown Source)
E/AndroidRuntime( 2195): at org.a.a.e.d(Unknown Source)
E/AndroidRuntime( 2195): at org.a.a.e.a(Unknown Source)
E/AndroidRuntime( 2195): at org.a.a.e.a(Unknown Source)
E/AndroidRuntime( 2195): at com.somecompany.someapp.someapp.onCreate(Unknown Source)
E/AndroidRuntime( 2195): at android.app.Activity.performCreate(Activity.java:5231)
E/AndroidRuntime( 2195): at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1087)
E/AndroidRuntime( 2195): at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2159)
E/AndroidRuntime( 2195): ... 11 more
E/AndroidRuntime( 2195): Caused by: java.lang.NoSuchMethodException: <init> [class android.content.Context, class org.a.a.p]
E/AndroidRuntime( 2195): at java.lang.Class.getConstructorOrMethod(Class.java:472)
E/AndroidRuntime( 2195): at java.lang.Class.getConstructor(Class.java:446)
E/AndroidRuntime( 2195): ... 20 more

We can simply turn off proguard and the app will compile and run fine.

Here are our questions: A. How can we make this problem appear at compile time? B. How can we change our build configuration to fix this error and obfuscate the code with Proguard?

Solution

  • To avoid obfuscate cordova classes, add -keep public class org.apache.cordova.** { *; } in proguard-project.txt.