Warning- AWS Credentials exposed on Google Play Console - amazon-s3

I have my app published on PlayStore. I am getting this warning on my Play Console that my AWS Credentials have been exposed and i won't be able upload new apk after 12 November 2018 if the problem persists. I use the credentials for uploading images to Amazon S3. The credentials are hard coded right now.
So i need to know what should be the way to rectify this.
Thanks in advance.

Amazon have a whole blog post on dealing with this problem, and a page on best practices.
Essentially you need to revert the old credentials, and use Amazon Cognito to control access.
An updated link on cognito lives here

Related

Is it possible to upload files from an without asking the user to sign in?

I have a Dropbox account.
I would like to use it, so that an android app can upload photos to my Dropbox account, without the user of the app having to know my credentials to log in.
Is that possible ?
Is there a programmatic way, that I can get my app to do this, without the user of the app having to know my dropbox password ?
EDIT: I don't understand why this is down voted. If there are multiple posts asking how to do this, by different users, and it is with regard to finding a programmatic why to log in, then it is relevant and shouldn't be down voted.
Refer to this thread on dropbox forums which says that they did not include the file requests feature in their apis so its not possible through apis.
Since the native api does not support this feature you can redirect your user from your app to dropbox app to create file requests.

Google Drive API oauth 2 error

I managed to get the code runing to a point where i can upload and download files in my android app from google drive using the api. However i uploaded my app to Google Play and when a user installs it the first time the oauth 2 screen pops up and requires to select account(which is great) but when the user selects Google account the oauth screen just keep appearing and looping.
Did anyone encounter this before?
As stated in this thread, maybe you did not create credentials for your app. As described in this documentation, you must retrieve your SHA-1 keys for both the debug and production environments and add them in your credentials in the Google Developers Console.

OAuth2 Troubles with PicasaWeb API

I have spent the last couple of nights bashing my head against the wall amongst a see of conflicting out of date documentation and semi-helpful blog posts that were/are appropriate to what I am trying to do.
Essentially I want to write a wee personal app do download my images from PicasaWeb/Google+ and store them on my local hard disk.
I have managed to do the following:
Figured out the GData API for the appropriate request to get private album data (works fine in my 'google-logged-in' chrome browser)
Got the correct private data back from my GData URL with the token generated by the OAuth playground.
Managed to get an OAuth2 token back from https://www.googleapis.com/oauth2/v3/token using JWT.
However - when I try my access token I generate myself I get back a forbidden response with the message 'Not authorized to view access private'.
I am pretty stumped - my only guess is that my service account configured in google developers console doesn't actually have access to my personal google stuff like google+ photos. When I look in there I can see the OAuth playground has access. How do I give my app access - and do I need to in this scenario?
Thanks in advance,
Robert
"my only guess is that my service account configured in google developers console doesn't actually have access to my personal google stuff".
Totally correct.
I guess I see 2-3 questions per month on SO where people have made the false assumption that a Service Account is some kind of proxy to their Google Account. It isn't. It's a completely new and independent account.
The two approaches you can take are:-
Share the items to the Service Account so it has permission to access them.
Give your app direct access to your Picassa account. See How do I authorise an app (web or installed) without user intervention? (canonical ?) for the steps involved.

How to Give Access to non-public Amazon S3 bucket folders using Parse authenticated user

We are developing a mobile app using Parse as our BAAS solution but using Amazon S3 for storage of our media files. All of our users upload media files into their own individual folders inside of our app's bucket. As the user uploads media files we update their records in Parse so it knows where to download the files. That's the easy part.
I've spent quite a bit of time researching the different policies for S3 buckets and I am trying to get a grip on the proper way to ensure the security of the content uploaded. If you do all of your work with DynamoDB or SimpleDB then it's easy because you're essentially adjusting your ACLs with the IAM accounts and whatnot. If you use Amazon Cognito it's also easy because authentication happens through Google, Facebook or Amazon accounts. In my case I am using Parse to authenticate users which cannot speak to Amazon directly.
My goal is that only the currently logged in Parse user with ID #1234567 can access their own 1234567 folder and files (as well as any other user given permission by this person for collaboration). Here is a post similar to what I'm trying to accomplish: amazon S3 bucket policy - restricting access by referer BUT not restricting if urls are generated via query string authentication
...but how do I accomplish this with the current user's ID number?
Even better question is whether that post mentioned above is best practice or should I instead be looking at creating an EC2 server to handle access to these files? Should I be looking at CloudFront to serve private content? Or is there another method that works better for what I am trying to accomplish? I am going in circles and my head is spinning.
Thanks to whoever can help straighten me out.
Well since Parse is being shut down I am migrating to another service. This question is no longer relevant.

Is it possible to create dynamic user permissions in S3 and How?

I've a iOS app and I would like my users to upload images to S3 directly.
I need UserX to be able to upload folders to __MY_BUCKET__/UserX/* Only. So that each one of my users have their own folder and only they can modify content in them.
Given that scenario I need to create dynamic permissions to my S3 bucket
Is that possible?
If it is... maybe I am in the right path or not....
What I've done so far is
I am using this guide to create Elastic Beanstalk with a Token Vending Machine. Then I used this other guide to configure the TVM.
Now my issue with that in none of the guides it shows an example of how to register a dynamic user (my app user) or how get the token from the TVM or how to say "Hey TVM, this userID needs upload access to __BUCKET_/ThiUserID/*" from a iOS app.
So I guess what I wonder, is how do I fill the gaps if what I am trying to achieve is possible?
I'm one of the maintainers of the AWS Mobile SDKs. The page you linked to includes projects for both iOS and Android that show how to integrate the customized TVM code in a mobile application. I suggest you look there and if you need further clarification, please update your with specific questions about the code.
You may also want to look at our web identity federation sample which is included with the SDKs. In combination with IAM policy variables, you can generate dynamic policies without the use of a Token Vending Machine.