The fewer -keep options you can use, the better your results will be, in terms of optimization and obfuscation. If you don't have the time to find an optimal configuration, you can take a more conservative approach. The most conservative solution is to preserve all classes, fields, and methods in the library, so any internal reflection will continue to work:

-keep class 3rd_party_lib_name.** {*;}

Slightly less conservative, but typically sufficient: preserve all public API:

-keep public class 3rd_party_lib_name.** {
    public *;
}

Even less conservative: only preserve public classes, but not necessarily their fields or methods:

-keep public class 3rd_party_lib_name.**

Some experimentation can go along way.

As ben75 mentions, this doesn't account for third party libraries performing reflection on your own code.

The major problem with proguard and code obfuscation in general is that classname, methods and fields name are modified. ( i.e. myExplicitMethodName() became a() )

When a classname, method name or a field is modified, you cannot access it using the reflection API (i.e. Class.classForName(...) , ... )

Knowing that, it's a best practice to -keep all classes and libraries that can be invoked using the reflection API.

For 3rd party libraries, if you don't know if they use or not the reflection API : then -keep

For your own code: hopefully, you know in which classes you use it. So use -keep for those classes.

Note that some popular framework like dagger or jackson use the reflection API on your own classes, so if you use them, be careful!