How secure is it to call Amazon S3 Services from an iPhone?

I want to make calls to the Amazon S3 rest API through an iPhone app. It means that I will have to write in my iPhone app the secretAccessKey and the accessKey of the Amazon S3 service.

If my app goes on the appstore, is it going to be dangerous for me? Maybe some peo开发者_如何学运维ple will extract my secretKey and my key to use it for other purposes? Is there a way to protect my app from this kind of attacks?

Thanks!

Martin

If possible you shouldn't store your keys in your app.

You can see a lengthy discussion of the topic here: Architectural and design question about uploading photos from iPhone app and S3 (check out Adrian Petrescu's answer).

There are a couple of options here. First, upload your data to a central server and then onto S3. Your keys stay private on your server. Or you can look at presigning your URLs.