Warning- AWS Credentials exposed on Google Play Console
I have my app published on PlayStore. I am getting this warning on my Play Console that my AWS Credentials have been exposed and i won't be able upload new apk after 12 November 2018 if the problem persists. I use the credentials for uploading images to Amazon S3. The credentials are hard coded right now.
So i need to know what should be the way to rectify this.
Thanks in advance.
amazon-s3
google-play android-keystore android-security 
google-play-console asked Nov 12 '18 at 10:49
Vivek SharmaVivek Sharma
64
add a comment |
I have my app published on PlayStore. I am getting this warning on my Play Console that my AWS Credentials have been exposed and i won't be able upload new apk after 12 November 2018 if the problem persists. I use the credentials for uploading images to Amazon S3. The credentials are hard coded right now.
So i need to know what should be the way to rectify this.
Thanks in advance.
amazon-s3
google-play android-keystore android-security google-play-console asked Nov 12 '18 at 10:49
Vivek SharmaVivek Sharma
64
add a comment |
I have my app published on PlayStore. I am getting this warning on my Play Console that my AWS Credentials have been exposed and i won't be able upload new apk after 12 November 2018 if the problem persists. I use the credentials for uploading images to Amazon S3. The credentials are hard coded right now.
So i need to know what should be the way to rectify this.
Thanks in advance.
amazon-s3
google-play android-keystore android-security google-play-console asked Nov 12 '18 at 10:49
Vivek SharmaVivek Sharma
64
I have my app published on PlayStore. I am getting this warning on my Play Console that my AWS Credentials have been exposed and i won't be able upload new apk after 12 November 2018 if the problem persists. I use the credentials for uploading images to Amazon S3. The credentials are hard coded right now.
So i need to know what should be the way to rectify this.
Thanks in advance.
amazon-s3
google-play android-keystore android-security google-play-console amazon-s3
google-play android-keystore android-security google-play-console asked Nov 12 '18 at 10:49
Vivek SharmaVivek Sharma
64
asked Nov 12 '18 at 10:49
Vivek SharmaVivek Sharma
64
asked Nov 12 '18 at 10:49
Vivek SharmaVivek Sharma
64
asked Nov 12 '18 at 10:49
Vivek SharmaVivek Sharma
64
asked Nov 12 '18 at 10:49
Vivek SharmaVivek Sharma
64
64
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Amazon have a whole blog post on dealing with this problem, and a page on best practices.
Essentially you need to revert the old credentials, and use Amazon Cognito to control access.
An updated link on cognito lives here
edited Nov 20 '18 at 9:16
greuze
2,33332650
answered Nov 16 '18 at 8:46
Nick FortescueNick Fortescue
5,4701422
Yes, @Nick Fortescue amazon have whole blog post and using that created IAM user and add S3 policy by creating custom policy. Used Amzon cognito in old code than what I have to change in my current implementation
– Shweta Chauhan
Dec 11 '18 at 13:27
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53260569%2fwarning-aws-credentials-exposed-on-google-play-console%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Amazon have a whole blog post on dealing with this problem, and a page on best practices.
Essentially you need to revert the old credentials, and use Amazon Cognito to control access.
An updated link on cognito lives here
edited Nov 20 '18 at 9:16
greuze
2,33332650
answered Nov 16 '18 at 8:46
Nick FortescueNick Fortescue
5,4701422
Yes, @Nick Fortescue amazon have whole blog post and using that created IAM user and add S3 policy by creating custom policy. Used Amzon cognito in old code than what I have to change in my current implementation
– Shweta Chauhan
Dec 11 '18 at 13:27
add a comment |
Amazon have a whole blog post on dealing with this problem, and a page on best practices.
Essentially you need to revert the old credentials, and use Amazon Cognito to control access.
An updated link on cognito lives here
edited Nov 20 '18 at 9:16
greuze
2,33332650
answered Nov 16 '18 at 8:46
Nick FortescueNick Fortescue
5,4701422
Yes, @Nick Fortescue amazon have whole blog post and using that created IAM user and add S3 policy by creating custom policy. Used Amzon cognito in old code than what I have to change in my current implementation
– Shweta Chauhan
Dec 11 '18 at 13:27
add a comment |
Amazon have a whole blog post on dealing with this problem, and a page on best practices.
Essentially you need to revert the old credentials, and use Amazon Cognito to control access.
An updated link on cognito lives here
edited Nov 20 '18 at 9:16
greuze
2,33332650
answered Nov 16 '18 at 8:46
Nick FortescueNick Fortescue
5,4701422
Amazon have a whole blog post on dealing with this problem, and a page on best practices.
Essentially you need to revert the old credentials, and use Amazon Cognito to control access.
An updated link on cognito lives here
edited Nov 20 '18 at 9:16
greuze
2,33332650
answered Nov 16 '18 at 8:46
Nick FortescueNick Fortescue
5,4701422
edited Nov 20 '18 at 9:16
greuze
2,33332650
edited Nov 20 '18 at 9:16
greuze
2,33332650
edited Nov 20 '18 at 9:16
greuze
2,33332650
2,33332650
answered Nov 16 '18 at 8:46
Nick FortescueNick Fortescue
5,4701422
answered Nov 16 '18 at 8:46
Nick FortescueNick Fortescue
5,4701422
answered Nov 16 '18 at 8:46
Nick FortescueNick Fortescue
5,4701422
5,4701422
Yes, @Nick Fortescue amazon have whole blog post and using that created IAM user and add S3 policy by creating custom policy. Used Amzon cognito in old code than what I have to change in my current implementation
– Shweta Chauhan
Dec 11 '18 at 13:27
add a comment |
Yes, @Nick Fortescue amazon have whole blog post and using that created IAM user and add S3 policy by creating custom policy. Used Amzon cognito in old code than what I have to change in my current implementation
– Shweta Chauhan
Dec 11 '18 at 13:27
Yes, @Nick Fortescue amazon have whole blog post and using that created IAM user and add S3 policy by creating custom policy. Used Amzon cognito in old code than what I have to change in my current implementation
– Shweta Chauhan
Dec 11 '18 at 13:27
Yes, @Nick Fortescue amazon have whole blog post and using that created IAM user and add S3 policy by creating custom policy. Used Amzon cognito in old code than what I have to change in my current implementation
– Shweta Chauhan
Dec 11 '18 at 13:27
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53260569%2fwarning-aws-credentials-exposed-on-google-play-console%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
