ML-based Android malware detection, full-stack.
An Android malware detector: upload an APK and get a benign or malicious prediction from an ML pipeline behind a full-stack app. It was built to the unit's project brief and trained on a real Android malware dataset, not a toy sample. I built the backend, the frontend, and the model-serving glue.
I built the shipped app: the Flask backend, the Next.js frontend, and the model-serving pipeline. The initial Drebin model exploration was a teammate's seed, which I redid for serving.
APK upload
Stored in cloud storage
Scale
Same scaler as training
Encode + classify
Autoencoder, then logistic
Logged result
Prediction and metadata saved
Problem. A classifier is only right in production if it applies the exact same steps, in the same order, as it did during training. One mismatch and the predictions are quietly wrong, which is the worst kind of bug.
Approach. I saved the three pieces separately, the scaler, the autoencoder encoder, and the logistic classifier, and made the serving code load and apply them in the identical order: scale, encode, classify. They load once when the service starts, not per request. Every prediction is written down as a record with its inputs, probabilities, timings and metadata, so it's auditable rather than a fire-and-forget call.
Outcome. No drift between training and serving, and every prediction leaves a trail.
Problem. The brief was a complete working product: auth, upload, prediction, history, role-based screens and model serving, on a tight unit deadline, after taking the work over partway through.
Approach. I scaffolded a Flask backend with a clean controller and service split, JWT auth and a login-history record, a Next.js frontend with separate admin and user areas behind real route protection, and the prediction screens. I deliberately got every layer working end to end before polishing any one of them.
Outcome. A complete, demoable app delivered on time.
Interested in this kind of work? Get in touch