PlayDrone indexed and decompiled 1,100,000 Google Play applications. The source revealed a lot of applications were including OAuth tokens in applications (e.g. AWS tokens, FB tokens); a critical security hole. Very interesting paper and presentation.