I don't work with Android, but java code is usually visible after decompilation. Unless there is specific obfuscation tech being used, you should assume all your java code can be seen by others.
That's weird. By "method variable names" I mean local variables, i.e. those declared inside a method.
I'm not getting the same results as you with a little sample program I wrote - see: https://gist.github.com/JosephRedfern/662131ceb2119abf3e83. Field names and method names are preserved (which make sense), but local variable names are lost (which also makes sense to me!)
Are you sure that your example code doesn't include debug information?
I decompiled the dex file, but not the Java Class file.
I suppose this is diverging a little from the original comment (which was in the context of an Android application), but surely if running `strings` on the class file found the method, class and field names then it would also find the local variable name too, if it was there.
If I specifically compile the java file with `javac -g:vars DecompilationTest.java` then the local variable name IS included in the file. It is not by default.
Proguard is set up to obfuscate by default on release builds with the default build script, but many devs often turn it off or use a different build system without it as a build step. You often need to add exceptions for 3rd party libs that rely on class names or variable names not changing for whatever reason (usually reflection).
