How to analyze leak trace of obfuscated 3rd party library code

Question

I found a memory leak (using LeakCanary), but code in leak trace is obfuscated. I don't have much experience with code obfuscation and I want to know if there is a way to to deobfuscate it, or maybe disable code obfuscation for that third library code?

The third library code I am using is yandex-ads-sdk. Leak trace:

2020-10-20 12:03:00.931 D/LeakCanary: ​
┬───
│ GC Root: System class
│
├─ com.yandex.metrica.impl.ob.dr class
│    Leaking: NO (a class is never leaking)
│    ↓ static dr.a
│                ~
├─ com.yandex.metrica.impl.ob.dr instance
│    Leaking: UNKNOWN
│    Retaining 125 bytes in 5 objects
│    f instance of com.example.Application
│    ↓ dr.h
│         ~
├─ com.yandex.metrica.impl.ob.bj instance
│    Leaking: UNKNOWN
│    Retaining 1538 bytes in 60 objects
│    q instance of com.example.MainActivity with mDestroyed = false
│    a instance of com.example.Application
│    ↓ bj.n
│         ~
├─ com.yandex.metrica.impl.ob.aao instance
│    Leaking: UNKNOWN
│    Retaining 249 bytes in 13 objects
│    ↓ aao.i
│          ~
├─ com.yandex.metrica.uiaccessor.a instance
│    Leaking: UNKNOWN
│    Retaining 12 bytes in 1 objects
│    ↓ a.b
│        ~
├─ com.yandex.metrica.uiaccessor.a$1 instance
│    Leaking: UNKNOWN
│    Retaining 368482 bytes in 3462 objects
│    Anonymous subclass of androidx.fragment.app.FragmentManager$FragmentLifecycleCallbacks
│    a instance of com.example.MainActivity with mDestroyed = true
│    ↓ a$1.a
│          ~
╰→ com.example.MainActivity instance
​     Leaking: YES (ObjectWatcher was watching this because com.example.MainActivity received
​     Activity#onDestroy() callback and Activity#mDestroyed is true)
​     Retaining 368470 bytes in 3461 objects
​     key = 5b3ef21a-0cf4-4dae-b329-9dd2e9d2657e
​     watchDurationMillis = 5398
​     retainedDurationMillis = 397
​     mApplication instance of com.example.Application
​     mBase instance of android.app.ContextImpl, not wrapping known Android context

METADATA

Build.VERSION.SDK_INT: 26
Build.MANUFACTURER: samsung
LeakCanary version: 2.5
App process name: com.example.app
Stats: LruCache[maxSize=3000,hits=2461,misses=58027,hitRate=4%]
RandomAccess[bytes=2861846,reads=58027,travel=20176117749,range=13550252,size=16944114]
Analysis duration: 32101 ms

Answer 1

Unfortunately, the Yandex library is obfuscated and you'd need to mapping file to be able to deobfuscate the leak trace (see https://square.github.io/leakcanary/changelog/#deobfuscating-hprof-files)

If you want to dig further, you can download the mobmetricalib AAR on Maven central (direct link and then use JD-GUI to decompile the bytecode. It'll still be obfuscated but you can navigate it. For example, here's the content of the a class at the bottom of the leak trace:

package com.yandex.metrica.uiaccessor;

import android.app.Activity;
import android.support.annotation.NonNull;
import android.support.annotation.Nullable;
import android.support.v4.app.FragmentActivity;
import android.support.v4.app.FragmentManager;

public class a implements b {
  @NonNull
  private final a a;
  
  @Nullable
  private FragmentManager.FragmentLifecycleCallbacks b;
  
  public a(@NonNull a parama) throws Throwable {
    this
      .a = parama;
  }
  
  public void b(@NonNull Activity paramActivity) throws Throwable {
    if (paramActivity instanceof FragmentActivity) {
      if (this.b == null)
        this
          .b = new FragmentLifecycleCallback(this.a, paramActivity); 
      ((FragmentActivity)paramActivity)
        .getSupportFragmentManager()
        .unregisterFragmentLifecycleCallbacks(this.b);
      ((FragmentActivity)paramActivity).getSupportFragmentManager().registerFragmentLifecycleCallbacks(this.b, true);
    } 
  }
  
  public void a(@NonNull Activity paramActivity) throws Throwable {
    if (paramActivity instanceof FragmentActivity && this.b != null)
      ((FragmentActivity)paramActivity).getSupportFragmentManager().unregisterFragmentLifecycleCallbacks(this.b); 
  }
  
  public static interface a {
    void a(@NonNull Activity param1Activity);
  }
}

I would recommend reaching out to the owners of the library with the leaktrace and ask them to fix it.