Tags: android, tensorflow, tensorflow-lite

Security of a trained tflite model


I was wondering how secure the deployment of a TensorFlow-trained .tflite model inside an Android application is. Is it possible for someone to extract my trained model and use it directly inside their own app? I'm aware that they can't recover my training dataset from the model, but theoretically they could extract my model, train it with additional samples and improve the performance of the model, without having my original training dataset.

Are there some safety mechanisms to prevent this? Other than running the inference in the cloud?


Solution

  • It is hard to prevent on-device models from being extracted by attackers (someone). This is because on-device ML inevitably stores models on users' local devices such as smartphones, thus giving attackers a chance to obtain them from installation files such as an Android APK via reverse engineering.

    However, there are some safety mechanisms you can use:

    1. Store and execute the model in secure hardware.

    2. Encrypt the model.

    3. Obfuscate the model information.

    Reference:
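As an added illustration of item 2 (not code from the answer above), here is how an AES-GCM-encrypted .tflite asset can be decrypted in memory and handed to the TensorFlow Lite Interpreter on Android. The asset name, the blob layout (12-byte IV followed by ciphertext and tag) and the source of the key are assumptions; the key must come from a runtime provisioning step you control, not from a constant compiled into the APK, or it is recoverable by the same reverse engineering the answer describes.

```kotlin
// Added example, not part of the original answer.
// Assumed layout of the encrypted asset: 12-byte IV || AES-GCM ciphertext+tag.
import android.content.Context
import org.tensorflow.lite.Interpreter
import java.nio.ByteBuffer
import java.nio.ByteOrder
import javax.crypto.Cipher
import javax.crypto.spec.GCMParameterSpec
import javax.crypto.spec.SecretKeySpec

private const val IV_LEN = 12
private const val TAG_BITS = 128

/**
 * Decrypts the bundled model and builds an Interpreter from the plaintext
 * without ever writing the decrypted model to disk.
 * @param key 16/24/32-byte AES key obtained at runtime (assumption: provisioned
 *            by your own mechanism, e.g. fetched from a server after authentication).
 */
fun loadEncryptedModel(context: Context, assetName: String, key: ByteArray): Interpreter {
    val blob = context.assets.open(assetName).use { it.readBytes() }
    require(blob.size > IV_LEN) { "encrypted asset too short to contain an IV" }
    val iv = blob.copyOfRange(0, IV_LEN)
    val body = blob.copyOfRange(IV_LEN, blob.size)

    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.DECRYPT_MODE, SecretKeySpec(key, "AES"), GCMParameterSpec(TAG_BITS, iv))
    // GCM authenticates the ciphertext: a modified or swapped model fails here
    // with AEADBadTagException instead of being loaded.
    val plain = cipher.doFinal(body)

    // Interpreter accepts only a direct ByteBuffer (or MappedByteBuffer),
    // so copy the plaintext into one and then wipe the heap copy.
    val direct = ByteBuffer.allocateDirect(plain.size).order(ByteOrder.nativeOrder())
    direct.put(plain)
    direct.rewind()
    plain.fill(0)

    return Interpreter(direct)
}
```

The decrypted model still exists in process memory while the Interpreter is alive, so this raises the cost of extraction (no plaintext file in the APK, tamper detection via the GCM tag) rather than making extraction impossible, which matches the answer's first point.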