Clyze: analyze, obfuscate, optimize
Clyze is a visual packaging tool for Android (and Java) applications, demystifying the black art of app deployment. Clyze offers a semantic view of every rule and directive in your configuration. This greatly assists with code reduction and obfuscation, helping you avoid confusion and costly mistakes.
Packaging Apps
If you are familiar with Android packaging and deployment, you’ve likely heard of tools like ProGuard or Google R8 that help produce the packaged deliverable version of an app. These tools accept text configuration files that capture how the application code should be obfuscated and what are its non-obvious entry points, so that libraries can be trimmed down to the necessary parts before inclusion.
The benefit of such packaging is that it allows obfuscating the final deployed code (without damaging it — e.g., obfuscate only class members not accessed by reflection), and eliminates (potentially lots of) code that is not needed in the final application. (See also “for every 6 MB increase in APK size, there’s a 1% decrease in app installation”.)
At the same time, you may know that such packaging is far from easy. It’s error-prone, it is confusing and opaque, and it requires enormous effort to get good results. Others can say this better than us:
“Too many apps don’t obfuscate”
(Jeb Ware, “How Proguard Works”, time 5:50)
“roughly 25% of apps are obfuscated, but that number rises to 50% for the most popular apps with more than 10 million downloads.”
(“A large scale investigation of obfuscation use in Google Play”)
“35% of our participants reported difficulty obfuscating their apps, while over 61% — more than double the Play market average — claim to obfuscate their apps. To better understand this paradox, we asked 70 developers to obfuscate two sample apps. […] 78% failed to correctly use ProGuard in a more complex and realistic scenario. Moreover, 38% mistakenly believed they had successfully obfuscated their app.”
(“A large scale investigation of obfuscation use in Google Play”)
Challenge: Try Clyze on your current Android codebase and we bet it will help you discover ProGuard “keep” rules that do not do what you thought they do!
Clyze to rise
This is where Clyze comes in. It is a system designed to give you insights on your application’s packaging — both its correctness and its benefit.
It gives you full control of the packaging process with rich configuration options.
It lets you review what a rule matches syntactically over the code base (i.e., the potential application points of a rule, independently of other rules).
As well as show you the final results of all rule processing: what code elements will end up removed, obfuscated, or kept intact (as entry points).
Clyze helps you deliver with confidence a signed, optimized, obfuscated, fully packaged app.
Clyze is now (September 2020) in early-access mode, for Windows, MacOS and Linux. It will always be free for individual, single-project use.
We will be happy to hear from you on our Discord, for feedback, support issues, or questions.
