Please stop hard-wiring AWS credentials in your code. Looking at you, uni COVID-19 track-and-test app makers
2020-08-17 21:59

The Michigan institution announced its plan on July 28, which calls for testing coordinated by Testing Centers of America and the use of a health monitoring app called Aura Sequential Testing.

"All students will utilize Aura, an app developed by Nucleus Healthcare, that organizes the College's COVID-19 testing and public health approach," Albion said in a statement.

The keys could, we're told, be used to access the app's backend data and virtual machines in the Amazon-hosted US-West-2 region, including people's COVID-19 test results and medical insurance information.

Q3w3e3, who said she made her Twitter account private following media inquiries about her posts, told The Register in a phone interview that she found the hardcoded AWS credentials stored within the Android app.

She said it's quite possible the stored data has already been compromised because there are bots that regularly scrape the App Store and Google Play for apps with hardcoded credentials to exploit.
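A pre-release check for the failure described above, as an added example that is not from the article or the app's developers: it scans every file in an APK (a zip archive) for AWS access key IDs in both UTF-8 and UTF-16LE string encodings. The key-ID regex, the file names and the sample archive are assumptions constructed for illustration; the key shown is the example value from AWS documentation.

```python
import io
import re
import zipfile

# AWS access key IDs: 4-letter prefix (AKIA long-term, ASIA temporary) + 16 chars.
KEY_ID = rb"(?:AKIA|ASIA)[A-Z0-9]{16}"
# Same pattern as UTF-16LE, which compiled Android resources may use for strings.
KEY_ID_UTF16 = rb"(?:A\x00K\x00I\x00A\x00|A\x00S\x00I\x00A\x00)(?:[A-Z0-9]\x00){16}"
PATTERN = re.compile(KEY_ID + b"|" + KEY_ID_UTF16)


def scan_apk(apk_bytes):
    """Return sorted (entry name, key ID) pairs found in any file of the APK."""
    hits = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            data = apk.read(info)  # zipfile decompresses the entry for us
            for match in PATTERN.finditer(data):
                # Strip the NUL padding so UTF-16 hits normalise to plain text.
                text = match.group(0).replace(b"\x00", b"").decode("ascii")
                hits.add((info.filename, text))
    return sorted(hits)


def redact(key_id):
    """Keep the prefix and last four characters so the report does not leak the key."""
    return key_id[:4] + "*" * 12 + key_id[-4:]


def build_sample_apk():
    """Constructed stand-in for an APK, embedding AWS's documentation example key."""
    key = "AKIAIOSFODNN7EXAMPLE"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("classes.dex", b"dex\n035\x00\x14" + key.encode() + b"\x00")
        z.writestr("resources.arsc", b"\x02\x00" + key.encode("utf-16-le") + b"\x00\x00")
        z.writestr("assets/config.json", b'{"region": "us-west-2"}')
    return buf.getvalue()


if __name__ == "__main__":
    # Fail the build if any entry of the release artifact contains a key ID.
    findings = scan_apk(build_sample_apk())
    for name, key_id in findings:
        print(f"{name}: {redact(key_id)}")
    raise SystemExit(1 if findings else 0)
```

A hit means the key should be treated as exposed and rotated, not merely removed from the next build, since earlier releases remain downloadable.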


News URL

https://go.theregister.com/feed/www.theregister.com/2020/08/17/albion_college_coronavirus_tracking_app/