2. 1 INTRODUCTION.......................................................................................................................................3
1.1 IDENTITY MANAGEMENT IN AMAZON AWS.....................................................................................................3
2 IDENTIFYING THE PROBLEM ....................................................................................................................4
3 DATA ANALYSIS.......................................................................................................................................6
4 ATTACK SCENARIOS AND HYPOTHESIS ....................................................................................................8
5 CONCLUSIONS AND RECOMMENDATIONS ..............................................................................................8

3. 0
500000
1000000
1500000
2010 2011 2012 2013 2014
TOTALNUMBEROFAPPS
YEAR
TOTAL NUMBER OF APPS PER MARKET
Apple Store
Google Play
Amazon Appstore

4. # Fill in your AWS Access Key ID and Secret Access Key
# http://aws.amazon.com/security-credentials
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# This sample App is for demonstration purposes only.
# It is not secure to embed your credentials into source code.
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
accessKey=AKIAJZUGBMWUTJOS2A
secretKey=0OvgWIKJ3EnsmSSpw1HPzV3VgWA643LCBTfPHW+

5. 





6. 


7%
93%
Availability of the analyzed apps in the markets
Not available Available
58,7
41,3
Different AWS access key found
Operational (37) Not operational (26)

7. 



0
2
4
6
8
10
12
14
16
Sharing of access keys for different apps
22
15
Total number of operational
access keys
Credentials allowing full control Credential allowing write

9. The information disclosed in this document is the property of Telefónica Digital Identity & Privacy, S.L.U. (“TDI&P”) and/or any other entity
within Telefónica Group and/or its licensors. TDI&P and/or any Telefonica Group entity or TDI&P’S licensors reserve all patent, copyright
and other proprietary rights to this document, including all design, manufacturing, reproduction, use and sales rights thereto, except to the
extent said rights are expressly granted to others. The information is this document is subject to change at any time, without notice.
Neither the whole nor any part of the information contained herein may be copied, distributed, adapted or reproduced in any material
form except with the prior written consent of TDI&P.
This document is intended only to assist the reader in the use of the product or service described in the document. In consideration of
receipt of this document, the recipient agrees to use such information for its own use and not for other use.
TDI&P shall not be liable for any loss or damage arising out from the use of the any information in this document or any error or omission
in such information or any incorrect use of the product or service. The use of the product or service described in this document are
regulated in accordance with the terms and conditions accepted by the reader.
TDI&P and its trademarks (or any other trademarks owned by Telefonica Group) are registered service marks. All rights reserved.