Why ProGuard/R8 isn't enough
ProGuard and R8 are build-optimization tools. Protection is a different layer — and the two are used together.
Almost every Android app uses R8 (or ProGuard). It's useful — but there's a common misconception: that name obfuscation equals app protection.
What ProGuard/R8 do
They shrink, optimize and rename identifiers (class/method names). Free and valuable — but the bytecode itself remains and is still decompilable.
What they don't do
They don't encrypt your DEX, don't add RASP, don't obfuscate native code, and don't detect tampering or hooking. A decompiler still reconstructs your logic — just with renamed symbols.
What hardening adds
Appsolid adds DEX packing & encryption (code isn't present statically), native O-MVLL obfuscation, string/control-flow obfuscation, RASP, tamper detection and production threat telemetry.
Use both
Keep R8 for size and performance, and add Appsolid after the build for protection — with no source-code changes.
The takeaway
R8 is optimization; protection is a separate layer. Compare before/after in a decompiler and the difference is clear.