0

I encountered an issue while using AWS S3 in my app to download a file from it. However, upon deploying my app on Google Play, I received a warning about a potential AWS authorization leak.

val credentials = BasicAWSCredentials(BuildConfig.ACCESS_KEY_S3, BuildConfig.SECRET_ACCESS_KEY_S3)
val s3Client = AmazonS3Client(credentials, Region.getRegion(BuildConfig.REGION))

// Download file
val s3Object: S3Object? = try {
    s3Client.getObject(BuildConfig.BUCKET, fileName)
} catch (e: Exception) {
    onState(Resource.error(null, "AmazonS3Client Error downloading file: ${fileName} $e"))
    null
}

I stored the credentials in BuildConfig, but the warning persists. Could someone please provide a solution?

Improve this question
1
  • What is your use-case? Do you want your app to be able to download a specific file, or does the file change? Would it be okay to make this file 'public', or does it need to be protected? Are you running a back-end that authenticates users or authenticates the app? By telling us more about your situation, we will be able to provide an appropriate recommendation. Commented Apr 4, 2024 at 5:55

1 Answer 1

Reset to default
0

Using Access / Secret hardcoded or exposed is not a good idea even though it is having restricted access. You could use the option of Signed URLs as in the section at link to safely expose it.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.