DexProtector Android documentation


iOS documentation
Android menu


Completing the DexProtector Process

Final Checklist

The DexProtector process can be completed as soon as you have finalized all of the steps necessary for activation and configuration. We especially recommend making sure that you have done all of the following before protecting your application:

  • Activated your DexProtector license (CLI or DexProtector Studio)
  • Set your protection mechanisms and filters (configuration file or DexProtector Studio)
  • Specified your signing options (CLI, DexProtector Gradle plugin, configuration file, or DexProtector Studio)

Run DexProtector via the CLI

To run DexProtector via the CLI, use the following command:

java -jar dexprotector.jar <options> <src> <dest>

Here <src> is a path to the file intended for protection, and <dest> specifies the destination path for the protected file (it may be the same as <src>). The <options> are as follows:


DexProtector version and license status info


Activate DexProtector using your unique, single-use activation code


Generate a request code for offline activation.


Complete the offline activation process by entering the response code that you have received.

-licenseFile filename

Specify the location of the DexProtector license file under a different name and/or path from the default. **

-proguardMapFile path

Specify the absolute path to the ProGuard mapping file, if ProGuard is used. Note: This is not necessary for users of the DexProtector Gradle plugin. **


Print the verbose log of the DexProtector process to stdout. **

-configFile filename

Specify the location of the DexProtector configuration file under a different name and/or path from the default (dexprotector.xml).

-signMode debug|release|google|amazon|none

Mode of signing the output file (default: debug). **

-keystore path

Path to the file containing the signing keys. **

-alias  name

Key alias. **

-storepass password

Password to the keystore file containing the signing keys. **

-keypass password

Password for the signing key. **

-certificate path

Note: Only for signMode == none. Specifies the path to the signing certificate file. This is necessary if the the app's signing is delayed until after it has been DexProtected (for platform/system/pre-installed apps). **


Note: Only for signMode == Google, or signMode == Amazon. Specifies the target Google Play app signing key / Amazon signature's SHA256 certificate fingerprint. **


Specify path to a file containing a list of log servers for Certificate Transparency. Note that the path name should start from the project's root. If this path is not set, DexProtector uses a default log server list ( If you want to create your own, please follow the JSON format of the default one. **


Specify that the file to be DexProtected is a library/SDK (AAR - Android archive) **


Specify ABI configurations for which DexProtector native protection libraries will be added. See supported ABIs.

Run DexProtector via DexProtector Studio

When you have configured your protection settings (see our guide to configuring DexProtector and our guide to the protection process with DexProtector Studio), you can check in the 'Package structure' window that your code and resources are being targeted as expected; each protected class, method, and file will bear an icon indicating HA, SE, CE, RE, or NLE, for Hide Access, String Encryption, Class Encryption, Resource Encryption, and Native Library Encryption respectively.

DexProtector Studio package structure window showing protections

When you are satisfied with your protection configuration, you can see an analysis of what in the package will be protected by selecting the 'Overview' tab. In this example, all 2461 of 2461 classes are targeted for protection, as well as all the methods and strings they contain; the signing mode is 'Debug'; and Public Key Pinning and reporting to Alice are both enabled:

Then click 'Run protection' and you can observe the DexProtector process as it occurs. This should only take several seconds.

Afterwards, you can easily view the the protection log, the path to the protected package, and an overview of recent protection results:

And when you are finished, you can save your newly created configuration profile to be referenced, reused, or adapted later: