Gradle DSL Reference
Complete reference for the Shield Gradle plugin configuration DSL.
Shield Block
The shield block is the top-level configuration for the plugin:
Groovy
shield {
enabled = true
projectToken = "your-token"
protectionSecret = "optional-secret"
verbose = true
protections {
// Protection flags
}
excludedPackages = ['android', 'androidx']
variant('release') {
// Variant-specific overrides
}
all {
// Applied to all variants
}
}shield {
enabled = true
projectToken = "your-token"
protectionSecret = "optional-secret"
verbose = true
protections {
// Protection flags
}
excludedPackages = ['android', 'androidx']
variant('release') {
// Variant-specific overrides
}
all {
// Applied to all variants
}
}Top-Level Properties
| Property | Type | Default | Description |
|---|---|---|---|
enabled | Boolean | true | Enables or disables Shield entirely. Set to false to skip protection without removing the configuration |
projectToken | String | — | Required. Your ByteHide project token. Used for license validation and cloud integration |
protectionSecret | String? | Auto-generated | Optional secret for mapping file association. If not set, a UUID is generated per build |
verbose | Boolean | false | Prints detailed protection output during the build |
excludedPackages | List<String> | [] | Packages to skip during protection. See Excluded Packages |
Protections Block
The protections block controls which protections are applied:
Groovy
shield {
protections {
stringEncryption = true
constantMutation = true
debugRemoval = true
nameObfuscation = true
controlFlowObfuscation = true
antiDebug = true
referenceProxy = true
resourceProtection = true
antiTamper = true
}
}shield {
protections {
stringEncryption = true
constantMutation = true
debugRemoval = true
nameObfuscation = true
controlFlowObfuscation = true
antiDebug = true
referenceProxy = true
resourceProtection = true
antiTamper = true
}
}Protection Properties
| Property | Type | Default | Description |
|---|---|---|---|
stringEncryption | Boolean | false | Encrypts string literals in bytecode. Decrypted at runtime via StringDecryptor |
constantMutation | Boolean | false | Transforms numeric constants into equivalent arithmetic expressions |
debugRemoval | Boolean | false | Strips LineNumberTable and LocalVariableTable from bytecode |
nameObfuscation | Boolean | false | Renames classes, methods, and fields. Disable when R8 minifyEnabled is true |
controlFlowObfuscation | Boolean | false | Inserts opaque predicates and restructures method control flow |
antiDebug | Boolean | false | Injects runtime checks that detect debuggers, Frida, and instrumentation tools |
referenceProxy | Boolean | false | Replaces direct method calls with proxy indirection |
resourceProtection | Boolean | false | Protects application resources from extraction and analysis |
antiTamper | Boolean | false | Verifies application integrity at runtime and detects package modifications |
All protections default to false. Enable only the protections you need. See Protections for detailed documentation on each.
Variant Configuration
Shield supports per-variant configuration. This lets you apply different protection settings to debug and release builds:
Groovy
shield {
projectToken = System.getenv('SHIELD_PROJECT_TOKEN')
variant('debug') {
verbose = true
protections {
stringEncryption = false
debugRemoval = false
}
}
variant('release') {
protections {
stringEncryption = true
constantMutation = true
debugRemoval = true
nameObfuscation = true
controlFlowObfuscation = true
antiDebug = true
referenceProxy = true
resourceProtection = true
antiTamper = true
}
}
}shield {
projectToken = System.getenv('SHIELD_PROJECT_TOKEN')
variant('debug') {
verbose = true
protections {
stringEncryption = false
debugRemoval = false
}
}
variant('release') {
protections {
stringEncryption = true
constantMutation = true
debugRemoval = true
nameObfuscation = true
controlFlowObfuscation = true
antiDebug = true
referenceProxy = true
resourceProtection = true
antiTamper = true
}
}
}See Variant Configuration for detailed usage.
all { } Block
The all block applies configuration to every variant:
Groovy
shield {
all {
excludePackages('android', 'androidx', 'kotlin', 'kotlinx')
}
}shield {
all {
excludePackages('android', 'androidx', 'kotlin', 'kotlinx')
}
}Kotlin DSL
All examples above use Groovy DSL. Here is the equivalent in Kotlin DSL:
Kotlin
// app/build.gradle.kts
shield {
projectToken = System.getenv("SHIELD_PROJECT_TOKEN")
verbose = true
protections {
stringEncryption = true
constantMutation = true
debugRemoval = true
}
excludedPackages = mutableListOf(
"android",
"androidx",
"kotlin",
"kotlinx"
)
variant("release") {
protections {
nameObfuscation = true
controlFlowObfuscation = true
antiDebug = true
}
}
}// app/build.gradle.kts
shield {
projectToken = System.getenv("SHIELD_PROJECT_TOKEN")
verbose = true
protections {
stringEncryption = true
constantMutation = true
debugRemoval = true
}
excludedPackages = mutableListOf(
"android",
"androidx",
"kotlin",
"kotlinx"
)
variant("release") {
protections {
nameObfuscation = true
controlFlowObfuscation = true
antiDebug = true
}
}
}Complete Example
A production-ready configuration with R8 enabled:
Groovy
// app/build.gradle
plugins {
id 'com.android.application'
id 'org.jetbrains.kotlin.android'
id 'com.bytehide.shield' version '1.0.0'
}
android {
compileSdk 34
defaultConfig {
minSdk 21
targetSdk 34
}
buildTypes {
release {
minifyEnabled true
shrinkResources true
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
}
compileOptions {
sourceCompatibility JavaVersion.VERSION_11
targetCompatibility JavaVersion.VERSION_11
}
}
shield {
projectToken = System.getenv('SHIELD_PROJECT_TOKEN')
protections {
stringEncryption = true
constantMutation = true
debugRemoval = true
nameObfuscation = false // R8 handles renaming
controlFlowObfuscation = true
antiDebug = true
referenceProxy = true
resourceProtection = true
antiTamper = true
}
excludedPackages = [
'android',
'androidx',
'kotlin',
'kotlinx',
'com.google',
'com.squareup'
]
verbose = false
}
dependencies {
implementation 'com.bytehide:shield-java-runtime:1.0.0'
}// app/build.gradle
plugins {
id 'com.android.application'
id 'org.jetbrains.kotlin.android'
id 'com.bytehide.shield' version '1.0.0'
}
android {
compileSdk 34
defaultConfig {
minSdk 21
targetSdk 34
}
buildTypes {
release {
minifyEnabled true
shrinkResources true
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
}
compileOptions {
sourceCompatibility JavaVersion.VERSION_11
targetCompatibility JavaVersion.VERSION_11
}
}
shield {
projectToken = System.getenv('SHIELD_PROJECT_TOKEN')
protections {
stringEncryption = true
constantMutation = true
debugRemoval = true
nameObfuscation = false // R8 handles renaming
controlFlowObfuscation = true
antiDebug = true
referenceProxy = true
resourceProtection = true
antiTamper = true
}
excludedPackages = [
'android',
'androidx',
'kotlin',
'kotlinx',
'com.google',
'com.squareup'
]
verbose = false
}
dependencies {
implementation 'com.bytehide:shield-java-runtime:1.0.0'
}ProGuard Rules Compatibility
Shield respects standard ProGuard keep rules from your proguard-rules.pro file. This means any existing keep rules in your project are automatically honored by Shield, in addition to the Gradle DSL configuration.
Supported directives include -keep, -keepclassmembers, -keepclasseswithmembers, -keepnames, -keepclassmembernames, and -dontobfuscate. See R8 & ProGuard Compatibility for the full list.
Related
- Variant Configuration — Debug vs release settings
- Excluded Packages — Controlling which packages Shield processes
- R8 & ProGuard Compatibility — ProGuard backward compatibility and R8 integration