An evaluation of the effectiveness of 14 Android security analysis tools in detecting 42 known vulnerabilities spread across different aspects of apps, e.g., crypto, ICC, web. It is also the first evaluation of representativess of vulnerability benchmarks -- is the manifestation of the vulnerability in the benchmark similar to its manifestation in real world apps?