The increasing popularity of deep learning (DL) models and the advantages of on-device computing, including low latency and bandwidth savings on smartphones, have led to the emergence of intelligent mobile applications, also known as DL apps, in recent years. However, this technological development has also given rise to several security concerns, including adversarial examples, model stealing, and data poisoning. Existing work on attacks and countermeasures for on-device DL models has primarily focused on the models themselves; scant attention has been paid to the impact of data processing disturbance on model inference. This knowledge gap highlights the need for additional research to fully comprehend and address security issues related to data processing for on-device models. In this paper, we introduce a data processing-based attack against real-world DL apps. In particular, our attack can influence the performance and latency of the model without affecting the operation of the DL app itself. To demonstrate the effectiveness of our attack, we carry out an empirical study on 517 real-world DL apps collected from Google Play. Among the 320 apps utilizing MLkit, we find that 81.56% can be successfully attacked. The results emphasize the importance of DL app developers being aware of, and taking action to secure, on-device models from the perspective of data processing.