Adding the AWS access key and secret key directly in app code is definitely not a good approach, primarily because the app resides on the user's device (unlike server-side code),