“…CWE-20: Improper Input Validation
DifFuzz [40], DroidFuzzer [36], EvoTaint [38], Flowdroid [4], Huang et al. [37], IVDroid [39], Monkey [

AppFence [50], AppIntent [51], AutoPatchDroid [52], Blackdroid [45], CoChecker [53], ComDroid [54], ContentScope [55], Covert [56], CredMiner [57], Flowdroid [4], IccTA [5], Kul et al. [49], Matsumoto2013 et al. [58], MITHYS [59], M-Perm [60], OAUTHLINT [61], Onwuzurike et al. [62]

CWE-269: Improper Privilege Management
AppProfiler [63], AppGuard [64], AutoPatchDroid [52], AW-iDe [65], Bartsch et al. [66], CoChecker [53], Covert [56], DroidChecker [67], Droidtector [68], Lintent [69], M-Perm [60], PaddyFrog [

External validity. We manually analyzed a total of 681 security weakness-fixing commits coming from 315 apps.…”