If you unzip an apk file you'll find that all the res files are on display. This can cause a vulnerability. Is it possible to get the proguard tool to obfuscate the filenames in order to hide their purpose?

ProGuard can handle resources files in the following ways:

1. Rename them to follow obfuscated names of corresponding class files (-adaptresourcefilenames),
2. Update obfuscated class names in text files (-adaptresourcefilecontents),
3. Otherwise, just copy them.

ProGuard doesn't change file extensions or touch the contents of image files, for instance.

So Thinksteep's interpretation of the ProGuard FAQ is too broad, I'm afraid.

Yes, As per this documentation

Does ProGuard handle resource files? Yes. ProGuard copies all non-class resource files, optionally adapting their names and their contents to the obfuscation that has been applied.

Here are the options you need to use -adaptresourcefilenames and/or -adaptresourcefilecontents.

The resources needs to be accessible to the operating system, so it has to be readable.

If you really want to keep it secure, you could consider storing it encrypted as a raw asset, then load it, decrypt it into a ByteStream and pass it into the BitmapFactory. That, of course, has slight performance ramifications and will force you to hand-code a lot of stuff that you could have easily done in XML otherwise.

That all aside, there are many ways to steal data - if it's a drawable, people could just take a screenshot.