This article explains how to use the DashO New Project Wizard to protect an existing Android APK. During this process, DashO analyzes the APK, automatically identifies application entry points, applies default protection settings, and generates a protected, signed APK for distribution.
Before starting, ensure that the required Android SDK version is installed and that APKs intended for processing have not been obfuscated with R8 minification. Using DashO on an APK that has already been processed by R8 can result in conflicts caused by multiple layers of obfuscation and optimization.
Step 1: Create a New Project
- Open DashO.
- Navigate to New Project Wizard.
- Select Android Artifacts (APK/AAB).
- Click Next.
Step 2: Select the APK File
- Browse and select the APK file that needs to be obfuscated.
- Click Next.
Step 3: Verify Android SDK Detection
- DashO automatically detects the Android SDK and SDK version based on the APK.
- Verify that the detected SDK information is correct.
- Click Next.
Step 4: Review Entry Points
- DashO reads the AndroidManifest.xml file from the APK.
- Entry points are automatically detected and displayed.
- Review the detected information.
- Click Next.
Step 5: Load Input Classes
DashO now loads all application classes from the APK.
By default, the following protections are enabled:
- Control Flow Obfuscation
- Removal Protection
- String Encryption
Step 6: Configure Signing
- Enable the Signing Option by selecting the checkbox.
- Provide the required signing details.
Step 7: Build the APK
- Click Build.
- DashO obfuscates all classes loaded in the Input section.
- The protected APK will be generated in the output location.
To explore additional protection options, refer to Understanding Protection Options
R8 Minification
Before generating the APK, ensure that R8 minification is disabled.
Set:
minifyEnabled false
Why?
R8 performs three operations:
- Obfuscation
- Code Shrinking
- Optimization
When an APK that has already been processed with R8 is passed through DashO, the application effectively undergoes double obfuscation. This can lead to:
- Class mapping inconsistencies
- Runtime failures
- Android framework class resolution issues
- Application startup failures
To avoid these issues, disable R8 minification before processing the APK with DashO.