APK Guardian
ML-based Android malware detection, full-stack.
Overview
An Android malware detector: upload an APK and get a benign or malicious prediction from an ML pipeline behind a full-stack app. It was built to the unit's project brief and trained on a real Android malware dataset, not a toy sample. I built the backend, the frontend, and the model-serving glue solo.
I built the entire shipped app solo: the Flask backend, the Next.js frontend, and the model-serving pipeline. The initial Drebin model exploration was a teammate's seed, which I redid for serving.
How it works
- APK upload: stored in cloud storage
- Scale: same scaler as training
- Encode + classify: autoencoder, then logistic
- Logged result: prediction and metadata saved
Engineering challenges
01 Making the model behave the same in production as in training
Problem. A classifier is only right in production if it applies the exact same steps, in the same order, as it did during training. One mismatch and the predictions are quietly wrong, which is the worst kind of bug.
Approach. I saved the three pieces separately, the scaler, the autoencoder encoder, and the logistic classifier, and made the serving code load and apply them in the identical order: scale, encode, classify. They load once when the service starts, not per request. Every prediction is written down as a record with its inputs, probabilities, timings and metadata, so it's auditable rather than a fire-and-forget call.
Outcome. No drift between training and serving, and every prediction leaves a trail.
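The fixed scale, encode, classify order and the per-prediction audit record described above, as an added example that is not the project's own code. The weights, feature vector and the names `STAGES` and `predict` are constructed assumptions; the second call skips the scaler to show how a train/serve mismatch flips the label without raising any error.

```python
import hashlib
import json
import math
import time

# Constructed stand-ins for the three saved artifacts (not the project's weights).
SCALER = {"mean": [0.5, 2.0, 10.0], "std": [0.5, 1.0, 5.0]}
ENCODER_W = [[1.0, -1.0, 0.5], [0.0, 1.0, 1.0]]  # 3 features -> 2 latent dims
CLF = {"coef": [2.0, -1.5], "intercept": -0.25}

def scale(x):
    """Standardise with the statistics fitted at training time."""
    return [(v - m) / s for v, m, s in zip(x, SCALER["mean"], SCALER["std"])]

def encode(z):
    """One ReLU dense layer standing in for the autoencoder's encoder half."""
    return [max(0.0, sum(w * v for w, v in zip(row, z))) for row in ENCODER_W]

def classify(h):
    """Logistic regression on the latent vector; returns P(malicious)."""
    logit = sum(c * v for c, v in zip(CLF["coef"], h)) + CLF["intercept"]
    return 1.0 / (1.0 + math.exp(-logit))

# Single source of truth for stage order, defined once at import (service start).
STAGES = (scale, encode, classify)

def predict(features, apk_sha256, stages=STAGES):
    """Run the stages in order and return an audit record for the prediction."""
    start = time.perf_counter()
    out = features
    for stage in stages:
        out = stage(out)
    return {
        "apk_sha256": apk_sha256,
        "inputs": list(features),
        "stages": [s.__name__ for s in stages],
        "p_malicious": round(out, 6),
        "p_benign": round(1.0 - out, 6),
        "label": "malicious" if out >= 0.5 else "benign",
        "elapsed_ms": round((time.perf_counter() - start) * 1000, 3),
    }

if __name__ == "__main__":
    digest = hashlib.sha256(b"constructed bytes, not a real APK").hexdigest()
    feats = [1.0, 1.0, 15.0]  # constructed feature vector
    print(json.dumps(predict(feats, digest)))                      # training order
    print(json.dumps(predict(feats, digest, (encode, classify))))  # scaler skipped
```

Recording the stage names in each record lets a later audit confirm which pipeline produced a given prediction.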
02 Shipping a full app, frontend, backend and model, solo on a deadline
Problem. The brief was a complete working product: auth, upload, prediction, history, role-based screens and model serving, built alone, on a tight unit deadline, after taking the work over partway through.
Approach. I scaffolded a Flask backend with a clean controller and service split, JWT auth and a login-history record, a Next.js frontend with separate admin and user areas behind real route protection, and the prediction screens. I deliberately got every layer working end to end before polishing any one of them.
Outcome. A complete, demoable app delivered on time.
What I'd do differently
- Under the deadline I skipped tests and proper input validation. Those are the first things I'd add with more time, and the habit I'm deliberately building.
- Secrets sit in config rather than a secret manager. Fine for a graded unit, but I'd fix it before anything real.