Using Stowaway, a tool that determines the permissions in which an app is over- and underprivileged, we found that even some of the most popular apps on Google Play and F-Droid violate the principle of least privilege.
Using Sonar, a tool that generates code metrics and finds defects, we were able to determine the percentage of defects found in the code bases of popular applications.