(All the data in this website is available at Zenodo.)
1: Type-1 bugs in real apps
(Missing Permission Check): A dangerous API is called without a permission check on the target Android version.
2: Type-2 bugs in real apps
(Incompatible Permission Usage): A dangerous API is called on incompatible platforms, or the evolution of permission specification is not fully handled.
3: Aper tool
The Aper executable and instructions.
4: ARPfix benchmark
The ARPfix benchmark that contains buggy ARP usages, and the corresponding patches, built from real-world Android projects.
5: Empirical data
The data used in our empirical study: API-permission mapping, and Google Play apps.