Due to the wide use of mobile devices, the security issues existing on mobile devices become more serious and harmful. It is a non-trival task to improve the security in Android such as malware detection, vulnerability detection. This talk will explain three key works dedicted to address security problems in Android: malware detection, performance assessment of anti-malware tools and Android security testing. This talk starts with the study of malware detection, in which we propose a sematic model to represent malicious behaviors in Android malware, and combine static analysia and machine learning to detect malware in an accurate and efficient manner. Then, we conducted another work to assess the performance of existing anti-malware tools by automatically generating a large number of Android malware. We identified many weaknesses of these anti-malware tools, and proposed several advices for improving their performance. Last, we propose a dynamic analysis based approach to explore bugs hidden deep in the code of Android apps.