Best practice for protection IP Data downloaded to App?

I'm no expert, but why is CoreML not an option? CoreML is not limited to visual/sound/language/text, and you can use the coremltools to convert models from TensorFlow, PyTorch, Keras, Caffe, LIBSVM, scikit-learn, and XGBoost to a .coreml model that could then leverage on-device encryption.

Presuming that is not an option, I'd think you need to try and identify the particular touch-points where a model could become compromised. For example, if it is bundled with the app at the time in which the app is published to the App Store, would that model be accessible to anyone with access to the device? Subsequently, I'd think you could even go more old-school and consider compressing and encrypting the model when it is bundled with the app/downloaded from a server, then decompress and decrypt the model using either a key hard-coded in the app's code, or some mechanism to confirm the user's identity and approval to decrypt (using CryptoKit or something of the like).

Again, no expert on the topic, but saw that it's been a few days since you posted this and I'd be curious of a more Apple-approved answer, too.

It really boils down to securely passing the private key for decryption to a device which is then stored in keychain or similar.
Apple appears to have a solution for this but it is limited to their own CoreML models.
I'm tempted to (re) ask this question framed around how to get a private key into an app's keychain securely using iCloud or similar?

A good summary of CoreML's new encryption solution is given on the website machinethink dot net in their blog. For some unexplained reason I couldn't post a link to it, or any site, here in my reply. If you want a quick overview go read their latest blog entry titled "Apple machine learning in 2020: What’s new?"