search

adjust / android_sdk

This is the Android SDK of
http://www.adjust.com
Other
593 stars 299 forks source link

Optimize library size with libsigner.so #617

Closed G00fY2 closed 1 week ago

G00fY2 commented 2 months ago

Our release APK has a size of roughly 11 MB. The libsigner.so (uncompressed) alone is about 950 KB (for arm64-v8a). So the native library from Adjust Signature SDK causes a significant amount of the app size.

We can not evaluate how much effort you already put into optimizing binary size. Maybe there is still some room for improvement, like e.g. these technics: Android NDK: How to Reduce Binaries Size – The Algolia Blog

dimim commented 2 months ago

Hi @G00fY2.

Thanks for getting in touch & sharing your thoughts.

I can confirm that the size is an outcome of the product's nature: The Signature is a highly obfuscated library and aims to thwart both dynamic and static analysis. Some of those traits lead to an increase in size.

The above said, we are not disregarding the impact on an app in the name of security. Indeed, the size is a major point of discussion before every release and with considerable work in the past to minimize. It's, however, often a tradeoff between the product's defenses and size.

Given the current status quo with fraud, I cannot promise alterations as that would damage the product's defenses. But I can confirm continuous monitoring and effort to keep the size at bay. Naturally, we will go through the link you shared and similar in detail to see if something was missed on our end.

Happy to hear thoughts.

imliujun commented 2 weeks ago

In version 5.0.1, what can I do if I don't want to use the signature verification feature of the application? I mean I don't even want to introduce the relevant code, which will lead to an increase in package size. I tried to remove the SO file using the following configuration, but the SDK initialization fails and the Adjust.getAdid method does not receive a callback

ndk {
            abiFilters ''
        }
G00fY2 commented 2 weeks ago

@imliujun seems like you have to ship it: #616

dimim commented 2 weeks ago

@imliujun:

the SDK initialization fails and the Adjust.getAdid method does not receive a callback

For the callbacks, please run your test on a real device. There's an internal task to make this seamless Backend side. If you encounter issues, contact Adjust's Support -- as this is related to the Signature, some details cannot be shared here.

In version 5.0.1, what can I do if I don't want to use the signature verification feature of the application?

As of SDKV5, this is not supported. Please see the link shared above.

@G00fY2:

Naturally, we will go through the link you shared and similar in detail to see if something was missed on our end.

There was a review & check of avail. compiler options (includes the points by the article you shared), and all the relevant flags are already in place or not applicable. Due to security constraints and the pipeline, this is not surprising. I expect no size changes in the short to midterm (this includes keeping the size from increasing).

As the size is an outcome of the product's domain, I would close the issue. Concerns are, however, being tracked and further research will be appr. prioritized.

Thank you & open to thoughts.

dimim commented 1 week ago

Closing as per the above msg & the thumbs up. Ping away if concerns. Thanks!