Supporting data for: "The Lifetime of Android API vulnerabilities:case study on the JavaScript-to-Java interface"

Change log
Thomas, Daniel R 
Coudray, Thomas 
Sutcliffe, Tom 

List of distinct manufacturers (manufacturers.csv name, count) List of different operators (operators.csv name) Table of API version distribution for Android over time from Google Play (androiddevolperdashboardhistory.ods, androiddevolperdashboardhistory.csv, updated version kept at ) Generated LaTeX macros used in the paper (macros.tex, dastats.tex, avostats.tex, vulnerable_apps.tex) latex_value python module used to record data into LaTeX macros (, updated version kept at ) Fitted parameters for API version distribution curves (dastats.tex \daGPAPIPerAPIParametersTable) App ids of the 102174 APK files collected from the Google Play store along with the analysis of which category they fall into with respect to the JavaScript-to-Java interface (the APK files themselves are not included as we do not have distribution rights for them). (brresults.txt, For the number at the start of the line, '0' means always vulnerable (using addJavascriptInterface and target SDK < 17), '5' means vulnerable on older devices (using addJavascriptInterface and target >= 17), '6' means not using addJavascriptInterface (ie not vulnerable). 128 and 255 indicate a problem scanning the APK. The timestamp that follows is the original creation date of the APK (as given by the timestamp of the APK manifest).) List of those app ids also included in Device Analyzer ( (known_app_ids.txt, those not in Device Analyzer unknown_app_ids.txt) Python source code for processing this data (

Software / Usage instructions
csv, py, ods, tex, txt
API Security, Android, security updates, WebView, ad-libraries, JavaScript, Java, vulnerabilities, network attacker, RCE
EPSRC EP/P505445/1