I encountered an issue while using AWS S3 in my app to download a file from it. However, upon deploying my app on Google Play, I received a warning about a potential AWS authorization leak.

val credentials = BasicAWSCredentials(BuildConfig.ACCESS_KEY_S3, BuildConfig.SECRET_ACCESS_KEY_S3)
val s3Client = AmazonS3Client(credentials, Region.getRegion(BuildConfig.REGION))

// Download file
val s3Object: S3Object? = try {
    s3Client.getObject(BuildConfig.BUCKET, fileName)
} catch (e: Exception) {
    onState(Resource.error(null, "AmazonS3Client Error downloading file: ${fileName} $e"))
    null
}

I stored the credentials in BuildConfig, but the warning persists. Could someone please provide a solution?

Using Access / Secret hardcoded or exposed is not a good idea even though it is having restricted access. You could use the option of Signed URLs as in the section at link to safely expose it.