Mobile apps have become popular for providing artificial intelligence (\emph{AI}) services via on-device machine learning (\emph{ML}) techniques. Unlike accomplishing these AI services on remote servers traditionally, these on-device techniques process sensitive information required by AI services locally, which can mitigate the severe concerns of the sensitive data collection on the remote side. However, these on-device techniques have to push the core of ML expertise (\textit{e.g.}, models) to smartphones locally, which are still subject to similar vulnerabilities on the remote clouds and servers, especially when facing the model stealing attack. To defend against these attacks, developers have taken various protective measures. Unfortunately, we have found that these protections are still insufficient, and on-device ML models in mobile apps could be extracted and reused without limitation. To better demonstrate its inadequate protection and the feasibility of this attack, this paper presents DeMistify, which statically locates ML models within an app, slices relevant execution components, and finally generates scripts automatically to instrument mobile apps to successfully steal and reuse target ML models freely. To evaluate DeMistify and demonstrate its applicability, we apply it on $1,511$ top mobile apps using on-device ML expertise for several ML services based on their install numbers from Google Play and DeMistify can successfully execute $1,250$ of them ($82.73%$). In addition, an in-depth study is conducted to understand the on-device ML ecosystem in the mobile application.