aws-amplify / aws-sdk-android

AWS SDK for Android. For more information, see our web site:
https://docs.amplify.aws
Other
1.03k stars 548 forks source link

How protect PoolId in awsconfiguration.json? #711

Closed luych888 closed 5 years ago

luych888 commented 5 years ago

State your question Hi Team:

I'm app developer and use polly android sdk. I have a question, when I write my PolId in awsconfiguration.json in "raw" folder, after I release my app, other user just need unzip my apk and get my PolId in awsconfiguration.json, if he use my PolId in his app, I will pay for him, so how can I protect my PolId?

Expect your replay!

Best Regards! Lu Which AWS Services are you utilizing? Polly Provide code snippets (if applicable)

{
  "Version": "1.0",
  "IdentityManager": {
    "Default": {}
  },
  "CredentialsProvider": {
    "CognitoIdentity": {
      "Default": {
        "PoolId": "us-west-2:XXXX",
        "Region": "us-west-2"
      }
    }
  }
}

Environment(please complete the following information):

Device Information (please complete the following information):

HUAWEI P20 Pro

If you need help with understanding how to implement something in particular then we suggest that you first look into our developer guide. You can also simplify your process of creating an application, as well as the associated backend setup by using the Amplify CLI.

mutablealligator commented 5 years ago

@luych888 Thank you for reporting to us. We are discussing this issue internally with the team. I will post an update here when I have more information.

luych888 commented 5 years ago

Hi Kvasukib:

Thanks for your investigating this issue. Any update?

Best Regards! Yongchun Lu

mutablealligator commented 5 years ago

@luych888 Sorry for the delayed response. I am currently working on this and will provide an update soon.

mutablealligator commented 5 years ago

@luych888 I have submitted a PR #1002 to allow passing a JSONObject containing the configuration from the awsconfiguration.json file. You can store the information in JSONObject in your own secure mechanism and provide it at runtime through the constructor.

mutablealligator commented 5 years ago

@luych888 The fix to add a new constructor has been released in 2.13.6 version of the SDK. Please upgrade and let us know if it solves your problem.

luych888 commented 5 years ago

Dear Kvasukib,

Thank you so much!

We will try it as soon as possible!

Best Regards! Yongchun Lu

luych888 commented 5 years ago

Dear Kvasukib,

The solution is work, please help close this issue!

Thanks again~