Zero-Disk-Footprint Secure Model Loader for Android
Standard Android AI deployment is insecure. If you place a .tflite file in your assets/ folder, it can be extracted, unzipped, and stolen by any competitor in seconds.
TensorSeal is a secure model loading pipeline that ensures your proprietary model never touches the disk in decrypted form.
- Encryption at Rest: The model is encrypted (AES-128-CTR) at build time.
- In-Memory Decryption: The model is decrypted directly into RAM buffers using a custom C++ JNI bridge.
- Zero-Disk Footprint: The decrypted bytes are fed directly to the TensorFlow Lite Interpreter via memory mapping. No temporary files are ever created.
- Key Obfuscation: The decryption keys are constructed at runtime using "Stack Strings" to prevent static analysis (`strings` command) attacks.
- Android Studio Koala+ (or newer)
- Python 3.10+
- NDK (Side-by-side)
```bash
git clone https://github.com/NerdzHub/TensorSeal_Android.git
# git names the checkout after the repository
cd TensorSeal_Android
pip install -r requirements.txt
```
Run the sealer tool. This will:
- Encrypt `model.tflite` -> `model.lock`
- Generate `SecretKey.h` with obfuscated C++ logic.
```bash
python3 tools/tensorseal.py \
  --input app/src/main/assets/model.tflite \
  --output app/src/main/assets/model.lock \
  --header app/src/main/cpp/SecretKey.h
```
Open the project in Android Studio and hit Run. Check Logcat for: `TensorSeal: Inference Successful! The neural network is alive.`
tools/tensorseal.py: The "Packer." Encrypts assets and generates matching C++ headers.
native-lib.cpp: The JNI Bridge. Handles memory allocation and TFLite C API calls.
aes.c: Lightweight, dependency-free AES-128-CTR implementation.
This tool raises the bar significantly against IP theft, but no client-side protection is 100% unbreakable. A determined attacker with root access and advanced reverse-engineering skills (Frida, GDB) can eventually dump memory. This tool is designed to stop automated scrapers, casual thieves, and static analysis.
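The sealer command above reads `model.tflite` from the same `assets/` directory it writes `model.lock` to, so unless the build excludes the original it will be packaged next to the encrypted copy. The following release check is an added example, not part of TensorSeal: it scans a built APK for any entry carrying the TFLite file identifier and for key bytes stored contiguously. The sample key, the model bytes, the `model.lock` stand-in, the library name `libnative-lib.so` and the function names are constructed for illustration.

```python
import io
import zipfile

TFLITE_MAGIC = b"TFL3"  # FlatBuffers file identifier at bytes 4..8 of a .tflite file


def audit_apk(apk_bytes: bytes, key: bytes) -> list[str]:
    """Return findings: plaintext models and key material readable in the APK."""
    findings = []
    # The key could also leak as hex text (for example in a copied header).
    needles = (key, key.hex().encode(), key.hex().upper().encode())
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            data = apk.read(info)
            # Match on content, so a renamed plaintext model is still caught.
            if data[4:8] == TFLITE_MAGIC:
                findings.append(f"plaintext-model:{info.filename}")
            # A contiguous key is what `strings` or a byte search would recover.
            if any(n in data for n in needles):
                findings.append(f"key-in-clear:{info.filename}")
    return findings


# --- Constructed sample data (not a real model, key, or library) ---
SAMPLE_KEY = bytes(range(0x10, 0x20))  # 16 bytes, AES-128 sized
SAMPLE_MODEL = b"\x1c\x00\x00\x00TFL3" + bytes(64)
# Stand-in for model.lock contents; a real build would hold AES-128-CTR output.
SAMPLE_LOCK = bytes(b ^ 0x5A for b in SAMPLE_MODEL)


def build_sample_apk(leaky: bool) -> bytes:
    """Build an in-memory zip shaped like an APK; `leaky` adds both mistakes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as apk:
        apk.writestr("assets/model.lock", SAMPLE_LOCK)
        if leaky:
            apk.writestr("assets/model.tflite", SAMPLE_MODEL)  # forgotten original
        lib = b"\x7fELF" + (SAMPLE_KEY if leaky else b"") + bytes(32)
        apk.writestr("lib/arm64-v8a/libnative-lib.so", lib)
    return buf.getvalue()


if __name__ == "__main__":
    for leaky in (False, True):
        print(leaky, audit_apk(build_sample_apk(leaky), SAMPLE_KEY))
```

An empty result only shows that the model and key are not recoverable by simple content matching; it says nothing about memory dumping at runtime.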
MIT License. Free to use for personal and commercial projects.