amazon-web-servicesaccess-keys

Amazon Web Services credentials may be exposed


Recently Google provided alert to one of my Apps that

Your Amazon Web Services credentials may be exposed. This exposure of your credentials could lead to unauthorized access to your AWS account, which may include associated excessive charges, and potentially unauthorized access to your data and your users' data.

In the application, I'm using Amazon Product Advertising API to get and display the information related to some products.

I'm using SignedRequestsHelper class provided by the Amazon to request the data.

I need to know how can I protect my AWS keys in the Android app.

Thanks.


Solution

  • I need to know how can I protect my AWS keys in the Android app.

    As soon the credentials are at the client side, you can consider them compromised. Storing credentials in the app is usually wrong idea.

    you provided no other requirements or constraits, so without assuming anything I could only suggest a few ideas