Amazon Cloud Services (AWS) has provided a ready-to-use library to make calls to SDB, S3, SNS, etc. right from your Android app. This makes it really easy for a mobile developer who is not familiar with web services and web applications to create a completely scalable cloud-based app.
We give the Amazon access credentials in these API calls to connect to our cloud account. My questions are:
- How do I effectively use key rotation in the app? Since I would be distributing the app, a change in key could mean a period of disruption for the existing users.
- Would hard-coding the Amazon access credentials inside the code (as a field constant, etc.) make them vulnerable to extraction, via decompiling etc.?
I talked to the Amazon Advocate for our region and he told me that the Amazon client library is not designed for such a purpose.
Obviously, I was not very convinced. I think an entire client-library-to-Amazon communication path (bypassing the need for a web server) could be a great advantage for mobile devs.
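An added example, not part of the original post: a release-gate check that unpacks a built APK and reports any long-term AWS access key ID left in it, which shows that a key stored as a field constant ships as readable bytes in `classes.dex`. The sample APK is constructed inline, `find_access_key_ids` and `build_sample_apk` are hypothetical names, and the key is the placeholder value from AWS documentation.

```python
import io
import re
import zipfile

# Long-term IAM access key IDs are "AKIA" followed by 16 uppercase alphanumerics.
ACCESS_KEY_ID = re.compile(rb"(?<![A-Z0-9])AKIA[A-Z0-9]{16}(?![A-Z0-9])")


def find_access_key_ids(apk_bytes):
    """Return sorted (entry_name, key_id) pairs found in any file inside the APK."""
    hits = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            data = apk.read(info)  # read() decompresses the entry before scanning
            for match in ACCESS_KEY_ID.finditer(data):
                hits.add((info.filename, match.group().decode("ascii")))
    return sorted(hits)


def build_sample_apk(embed_key):
    """Constructed stand-in for an APK: a zip holding a fake classes.dex string pool."""
    # AKIAIOSFODNN7EXAMPLE is the placeholder key ID used in AWS documentation.
    strings = [b"Lcom/example/app/Config;", b"ACCESS_KEY_ID"]
    if embed_key:
        strings.append(b"AKIAIOSFODNN7EXAMPLE")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as apk:
        # ASCII string constants sit in the dex file as plain bytes.
        apk.writestr("classes.dex", b"dex\n035\x00" + b"\x00".join(strings))
        apk.writestr("AndroidManifest.xml", b"<manifest package='com.example.app'/>")
    return buf.getvalue()


if __name__ == "__main__":
    for name, key_id in find_access_key_ids(build_sample_apk(embed_key=True)):
        print(f"{name}: hardcoded access key ID {key_id}")
```

Run against the real build output in CI, a non-empty result should fail the release, since a key that has shipped has to be treated as exposed and rotated.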