On devices running Android 10 (API level 29) and higher you can tell the platform to run embedded DEX code directly from your app's APK file. This option can help prevent an attack if an attacker ever managed to tamper with the locally compiled code on the device.
If you're using the Gradle build system, to enable this feature do the following:
Set the
android::useEmbeddedDex
attribute totrue
in the<application>
element of your app's manifest file.Set
useLegacyPackaging
tofalse
in the module-levelbuild.gradle.kts
file (build.gradle
file if you're using Groovy).Kotlin
packagingOptions { dex { useLegacyPackaging = false } }
Groovy
packagingOptions { dex { useLegacyPackaging false } }
If you're using the Bazel build system, to enable this feature set the
android:useEmbeddedDex
attribute to true
in the <application>
element of
your app's manifest file and leave DEX files uncompressed:
android_binary( ... nocompress_extensions = [".dex"], )
Recommended for you
- Note: link text is displayed when JavaScript is off
- Tapjacking
- android:exported
- # Key management {:#key-management}