I want to distribute an application with the embedded YOLO11 model as an APK file. However, with an APK file, there’s a risk that other users could extract the model. I would like to know how to encrypt the model itself to prevent this. Additionally, if there are other ways to protect models, I would appreciate it if you could share those methods as well.
As an FYI, the open source Ultralytics code and YOLO models are AGPL-3.0, which would mean that unless you have an Ultralytics License, you’d need to make both your code and model publicly available. If you don’t have a license and would like to use Ultralytics without making your code or model public, you should submit a license request form on the Ultralytics Licensing page and someone from the team will assist you with licensing.
Assuming you have an Ultralytics License, you would need to find an encryption method that is compatible with whatever framework/toolset you’re using for your APK. I couldn’t tell you how to implement encryption or to protect your model weights specifically, but I can suggest some general principles/ideas on how to accomplish this (mostly obfuscation focused instead of encrypted focused). For something specifically on encryption of data for Android, you’ll likely need to do some research on what’s available within the Android SDK or ask your question on an Android developer community.
One idea would be to compile/combine some part of the code and the model weights together, then at runtime unpack this in memory to run. This would mean that the weights would only be available during runtime, in memory, which would make it more difficult to extract (not impossible).
Another way could be to pull the file from a remote server and only store in memory. The link/call to the server would need to be obfuscated or secured. This might not be the best route since you’d have to pull the file every time to avoid leaving it on the device where it might get extracted. A solution to that could be to try splitting the file into multiple parts, and then combining these at runtime to load the weights.
Additionally, but maybe not preferably, the inference could be executed externally so the weights are never moved to the device. Ultralytics HUB includes an inference API to accomplish this, and you could implement something similar (or use the HUB inference API).
Thank you for your response.
Hello kou8623,
To protect your YOLO11 model when distributing it within an APK, you can consider model obfuscation, which involves encrypting model parameters like weights and biases. This makes it difficult for unauthorized users to understand or modify the model. You might also obfuscate the model’s architecture by renaming layers and parameters or even adding dummy layers. Serving your model in a secure environment like a secure enclave or using a trusted execution environment (TEE) can provide an extra layer of protection during inference.
See our documentation on security considerations for more best practices on secure model deployment.
Also note that all commercial usage of Ultralytics software and models requires an Enterprise License, or alternatively requires you to open-source your entire project under AGPL-3.0.