“…Many studies [10,26,75,79,83,95,100,120,137,148,163,205,215,220,229,238,244,246,271,279,350,366] created their own datasets. Ali Alatwi et al [10], Cui et al [83], Ma et al [205], and Gupta et al [120] created datasets to train vulnerability detectors for Android applications. In particular, Ma et al [205] decompiled and generated cfgs of approximately 10 thousand, both benign and vulnerable, Android applications from AndroZoo and Android Malware datasets; Ali Alatwi et al [10] collected 5,063 Android applications where 1,000 of them were marked as benign and the remaining as malware; Cui et al [83] selected an open-source dataset comprised of 1,179 Android applications that have 4,416 different version (of the 1,179 applications) and labeled the selected dataset by using the Androrisk tool; and Gupta et al [120] used two Android applications (Android-universalimage-loader and JHotDraw) which they have manually labeled based on the projects pmd reports (true if a vulnerability was reported in a pmd file and false otherwise).…”