An Android .apk is basically just a fancy zip file. If someone wanted to they could downnload your app, extract it and inspect your source code. DexGuard is a way to prevent this by obfuscating the code inside your apk.
In order to verify that DexGuard is working, you can use a program like ApkTool to inspect the assets inside the apk and verify that they have been obfuscated. Although there are install instructions, I experienced a few gotchas for using it on my mac.
You download the jar and place it in the /usr/local/bin.
You then need to open a command line window at that /bin location.
You can then java -jar nameOFDownloadedJarInBinFolder in order to invoke Apktool. For example, java -jar apktool.jar
One thing to note is that Apktool extracts your jar in the /bin folder, taking the folder name from the apk name, unless you specify a different folder to extract to.
So, for instance $ apktool d bar.apk decodes bar.apk to bar folder in the /bin where apktool.jar is being invoked.
In order to change the output folder: apktool d bar.apk -o baz which would decode the bar.apk to the baz folder.
A folder with a number of .smali files are created, which contain human readable files (open with vscode etc).
An even better option is to use dex2jar to convert the apk to a .jar file. One thing to note is that on my Mac I needed to adjust the permissions of d2j_invoke.sh in order for dex2jar to work: sudo chmod +x d2j_invoke.sh as mentioned in this SO article
You can then sudo sh /Users/nathanstasin/Desktop/dex2jar-2.0/d2j-dex2jar.sh /Users/nathanstasin/Desktop/afrikaburn-18.apk which will create a someApk-dex2jar.jar jar in the dex2jar-2.0 working folder.
You can then open this jar with JD-GUI. However, I was getting a weird error on my Mac (which you can see in the image below) and needed to modify the created .jar file’s permissions in order to get JD-GUI to open the file: sudo chmod +xr /Users/nathanstasin/Desktop/dex2jar-2.0/afrikaburn-v18-dex2jar.jar
You can then verify that code has been obfuscated in JD-GUI
Comments