Driven by the rising popularity of deep learning techniques on smartphones, on-device deep learning models are being used in vital fields like finance, social media, and driving assistance. Because of the transparency of the Android platform and of the on-device models it hosts, on-device models on Android smartphones have been proven to be extremely vulnerable. However, although iOS is a mobile platform as popular as Android, the difficulty of accessing and analysing iOS app files means that there is no prior work on on-device models in iOS apps. Since the same app offers similar functionality on the Android and iOS platforms, the same vulnerabilities may exist on both. In this paper, we present the first empirical study of on-device models in iOS apps, covering their adoption of deep learning frameworks, structure, functionality, and potential security issues. We study why developers currently use different on-device models for the same app on iOS and Android. We propose a more general attack against white-box models that does not rely on pre-trained models and, based on our findings, a new adversarial attack approach that targets iOS's gray-box on-device models. Our results show the effectiveness of our approaches. Finally, we successfully exploit the vulnerabilities of on-device models to attack real-world iOS apps.