Skip to content

Gradle Introduction

Not so long ago people used Eclipse for android development. Eclipse alongside the ADT(Android Developer Tools) used the Ant build system to build our android apps into executable APKs.

Then Google introduced Android Studio alongside a new modular build system that replaced the old Ant scripts that were generated by the older versions of the SDK.

Gradle alongside Android Studio is very powerful and flexible, allowing you to write your gradle scripts in groovy, a dynamic JVM based programming language.

Gradle has similarities to Ivy and Maven. Besides the flexibility of Ant, gradle also comes with the dependency management from Maven.

This is powerful since rather than writing build-scripts in complex XML-files, we can wite our build scripts in a Groovy DSL (Domain-Specific Language). Thus you are able to more clearly specify your build configuration.

When you create a new project in Android Studio, it will also create all the Gradle scripts for your project.

Build.gradle(Project)

This is the build.gradle file located in the project folder.

It's also called Top-level or root level build file. It is here where we add configuration options common to all sub-projects/modules.

Here`s how a part of it looks:

buildscript {

    repositories {
        google()
        jcenter()
    }
    dependencies {
        classpath 'com.android.tools.build:gradle:3.1.3'

        // NOTE: Do not place your application dependencies here; they belong
        // in the individual module build.gradle files
    }
}

Here are what we are telling gradle in this script:

  1. First we have the repositories and dependencies closure nested under the buildscript.
  2. You can see under the repositories closure, we are registering to gradle the repositories from which plug-ins and dependencies for the build will be downloaded.
  3. Then we inform Android Studio where it should look for our the Gradle which is our buld tool.

[notice] You should not place your application dependencies here as they(those application dependencies) belong in the individual module build.gradle files. [/notice]

Obfuscation with ProGuard

Gradle, we said, will build your android app into an APK. Basically it's combining your java/kotlin/dart code, XML and other resource files.

After that the Java code will be compiled into a binary format called dex, which is what the Dalvik virtual machine on Android will read when executing your code.

However this Dex format isn't very human readable. So their are tools that are designed to compile it back into human readable format.

But obviously this raises serious security concerns. What about if you have some sensitive data like keys or passwords. Surely you want these to be safe.

So we can obfuscate these code. This doesn't mean that it cannot be completely decompiled, instead it means we are just making it hard for hackers. It makes reverse engineering our code much harder and time consuming.

Integrated into Android Studio is a tool called ProGuard which allows us obfuscate our code.

ProGuard is supported by the Gradle build system, and all you need to do is to add the following to the android section in build.gradle:

buildTypes {
    release {
        runProguard true
        proguardFile getDefaultProguardFile(proguard-android.txt)
    }
}

The above code allows ProGuard to be applied to the release-build of your application.

Advantages of Code Obfuscation

  1. It improves our code security.
  2. Obfuscation performs some additional optimizations, as well as shrinking the resulting dex binary by removing unused code.