jeudi 4 juin 2015

How to use AWS S3 credentials in android for uploading contents

I am using AWS S3 to upload and store contents in my Android application. I am using the below code in a java file:

AmazonS3Client s3Client = new AmazonS3Client(
                    new BasicAWSCredentials("XYZ",
                            "ABC+wktN")); 

But this seem to be easy to retrieve (even if the apk is signed!). I tried using progaurd but that crashes app on some mobiles devices (especially this AWS part).

Is there any approach where i can hide credentials in Code without anyone being able to retrieve it? Or has anyone used any other method? One option is to upload to a intermediate server and the server uploads it to AWS S3, but thats an extra hop. Another is make the app get credentials from server through an URL call instead of having the credentials on mobile, but if a hacker can get the credentials directly he can get the URL as well and get the key.




Aucun commentaire:

Enregistrer un commentaire