Abstract: With the increase of the market share occupied by the Android system, security issues become more and more troubled by the fetters of the Android system for further development. More of the current market for security software is not able to achieve real-time monitoring application behavior, very few security software requires root privileges to achieve real-time monitoring application behavior. Based on a custom Android application framework layer, using a dynamic model of Android system permission checking mechanism to achieve detection application runtime behavior. Application take advantage of the label ofto required permissions, during the runtime when the APP needs to call the corresponding API or access to system data, system privileges inspection will occur and get the application behavior monitoring. This method is more simple and effective to monitoring application behavior and binging a smaller loss system.