Lots and lots of neat little results: on Android linking with obscure POSIX functions strongly correlates with the app’s being malicious; in their data ioctl on Ubuntu is 23nd most invoked function and the 22nd most expensive; 99% of OS X ioctl calls are low-level socket calls.