Collecting Data from public mobile application

I'd like to collect information from a mobile application I created. The app allows users to use it without authentication, and I'd also like to collect the data into a highly available service such as AWS SQS so I won't miss any data.
The application is always connected to the internet so no need for offline collection of the data.

What bothers me is how I can send the data in a secure manner so that users will not be able to send fake data into the same endpoint I'm using.

Google Analytics is not a fit here because I need access to the raw data, not only an aggregate of it.

You should look into STS for getting temporary access credentials from your app instead of hard coding AWS credentials into your app.

The fact that your application does not require authentication does not necessarily mean you are at an increased likelihood of having a malicious actor send bad data to your service. If your app had authentication it would still be possible for a malicious actor to reverse engineer the requests and send bad data using the authenticated credentials.

While sending data directly to SQS is a valid option, you could also send the data into SNS if you want to have the ability to fan out to multiple systems such as multiple SQS queues.

You could also look into using API Gateway + Lambda as the service that is called from your app even if the Lambda function only sends the data to SQS as this would allow for additional processing flexibility in the future such as validating input with additional logic before it is sent to SQS. However, this type of logic could just as easily be performed when the messages are pulled off the queue.
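
The API Gateway + Lambda option described in the answer above, as an added example (not code from the original post): a handler that validates each unauthenticated submission before forwarding it to SQS. The field names, event names, limits and the `QUEUE_URL` environment variable are assumptions made for illustration.

```python
import json
import os
import time

MAX_BODY_BYTES = 4096        # assumed cap, far below the SQS message size limit
ALLOWED_EVENTS = {"app_open", "screen_view", "purchase"}  # hypothetical names
MAX_CLOCK_SKEW_S = 300       # assumed tolerance for client-supplied timestamps


def _is_number(x):
    # bool is a subclass of int in Python, so exclude it explicitly
    return isinstance(x, (int, float)) and not isinstance(x, bool)


def validate(body, now=None):
    """Return the cleaned event dict, or raise ValueError with the reason."""
    now = time.time() if now is None else now
    if not isinstance(body, str) or len(body.encode("utf-8")) > MAX_BODY_BYTES:
        raise ValueError("body missing or too large")
    try:
        data = json.loads(body)
    except (ValueError, RecursionError) as exc:  # malformed or deeply nested
        raise ValueError("body is not JSON") from exc
    if not isinstance(data, dict) or set(data) != {"event", "ts", "value"}:
        raise ValueError("unexpected fields")
    event, ts, value = data["event"], data["ts"], data["value"]
    if not isinstance(event, str) or event not in ALLOWED_EVENTS:
        raise ValueError("unknown event")
    # Range comparisons reject NaN/Infinity and huge ints without arithmetic
    if not _is_number(ts) or not (now - MAX_CLOCK_SKEW_S <= ts <= now + MAX_CLOCK_SKEW_S):
        raise ValueError("timestamp out of range")
    if not _is_number(value) or not (0 <= value <= 10_000):
        raise ValueError("value out of range")
    return {"event": event, "ts": ts, "value": value}


def handler(event, context, send=None):
    """API Gateway proxy handler; `send` is injectable so this runs offline."""
    try:
        clean = validate(event.get("body"))
    except ValueError as exc:
        return {"statusCode": 400, "body": json.dumps({"error": str(exc)})}
    if send is None:
        import boto3  # imported lazily: only needed when deployed
        sqs = boto3.client("sqs")
        send = lambda m: sqs.send_message(
            QueueUrl=os.environ["QUEUE_URL"], MessageBody=m)  # assumed env var
    send(json.dumps(clean))
    return {"statusCode": 202, "body": ""}
```

Validation of this kind bounds what a forged submission can contain; it does not prove the request came from the app, which matches the answer's point about reverse-engineered requests.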
