DeMistify: Identifying On-Device Machine Learning Models Stealing and Reuse Vulnerabilities in Mobile Apps

Bibliographic Details
Published in Proceedings / International Conference on Software Engineering pp. 479 - 491
Main Authors Ren, Pengcheng, Zuo, Chaoshun, Liu, Xiaofeng, Diao, Wenrui, Zhao, Qingchuan, Guo, Shanqing
Format Conference Proceeding
Language English
Published ACM 14.04.2024
ISSN 1558-1225
DOI 10.1145/3597503.3623325

Abstract Mobile apps have become popular for providing artificial intelligence (AI) services via on-device machine learning (ML) techniques. Unlike accomplishing these AI services on remote servers traditionally, these on-device techniques process sensitive information required by AI services locally, which can mitigate the severe concerns of the sensitive data collection on the remote side. However, these on-device techniques have to push the core of ML expertise (e.g., models) to smartphones locally, which are still subject to similar vulnerabilities on the remote clouds and servers, especially when facing the model stealing attack. To defend against these attacks, developers have taken various protective measures. Unfortunately, we have found that these protections are still insufficient, and on-device ML models in mobile apps could be extracted and reused without limitation. To better demonstrate its inadequate protection and the feasibility of this attack, this paper presents DeMistify, which statically locates ML models within an app, slices relevant execution components, and finally generates scripts automatically to instrument mobile apps to successfully steal and reuse target ML models freely. To evaluate DeMistify and demonstrate its applicability, we apply it on 1,511 top mobile apps using on-device ML expertise for several ML services based on their install numbers from Google Play and DeMistify can successfully execute 1250 of them (82.73%). In addition, an in-depth study is conducted to understand the on-device ML ecosystem in the mobile application.
Author_xml – sequence: 1
  givenname: Pengcheng
  surname: Ren
  fullname: Ren, Pengcheng
  email: rpc@mail.sdu.edu.cn
  organization: School of Cyber Science and Technology, Shandong University
– sequence: 2
  givenname: Chaoshun
  surname: Zuo
  fullname: Zuo, Chaoshun
  email: zuo.118@osu.edu
  organization: Ohio State University
– sequence: 3
  givenname: Xiaofeng
  surname: Liu
  fullname: Liu, Xiaofeng
  email: xiaofengliu@mail.sdu.edu.cn
  organization: School of Cyber Science and Technology, Shandong University
– sequence: 4
  givenname: Wenrui
  surname: Diao
  fullname: Diao, Wenrui
  email: diaowenrui@link.cuhk.edu.hk
  organization: School of Cyber Science and Technology, Shandong University
– sequence: 5
  givenname: Qingchuan
  surname: Zhao
  fullname: Zhao, Qingchuan
  email: qizhao@cityu.edu.hk
  organization: City University of Hong Kong
– sequence: 6
  givenname: Shanqing
  surname: Guo
  fullname: Guo, Shanqing
  email: guoshanqing@sdu.edu.cn
  organization: School of Cyber Science and Technology, Shandong University
CODEN IEEPAD
ContentType Conference Proceeding
DOI 10.1145/3597503.3623325
DatabaseName IEEE Electronic Library (IEL) Conference Proceedings
IEEE Proceedings Order Plan (POP) 1998-present by volume
IEEE Xplore All Conference Proceedings
IEEE/IET Electronic Library
IEEE Proceedings Order Plans (POP) 1998-present
Discipline Computer Science
EISBN 9798400702174
EISSN 1558-1225
EndPage 491
ExternalDocumentID 10548087
Genre orig-research
IsPeerReviewed false
IsScholarly true
Language English
PageCount 13
ParticipantIDs ieee_primary_10548087
PublicationCentury 2000
PublicationDate 2024-April-14
PublicationDateYYYYMMDD 2024-04-14
PublicationDate_xml – month: 04
  year: 2024
  text: 2024-April-14
  day: 14
PublicationDecade 2020
PublicationTitle Proceedings / International Conference on Software Engineering
PublicationTitleAbbrev ICSE
PublicationYear 2024
Publisher ACM
Publisher_xml – name: ACM
SourceID ieee
SourceType Publisher
StartPage 479
SubjectTerms Analytical models
Android App
Biological system modeling
Ecosystems
Machine learning
Mobile applications
On-device Model Reuse
Program Analysis
Servers
Task analysis
Title DeMistify: Identifying On-Device Machine Learning Models Stealing and Reuse Vulnerabilities in Mobile Apps
URI https://ieeexplore.ieee.org/document/10548087