Mobile apps are now ubiquitous and have penetrated every corner of end users' lives. However, security issues within these apps may cause more serious damage than ever. Researchers and practitioners have been striving to improve the security of mobile apps and reduce security risks, but the results obtained so far are still far from satisfactory. This talk will introduce our recent work toward this goal. First, the talk starts with our research on Android malware, in which we studied the semantic representation of malware, detection technologies, and the evaluation of contemporary anti-malware tools. Second, it will briefly cover recent work on automated app testing, including our dynamic app testing technique, crash analysis, and root cause identification. Third, it will introduce our work on app vulnerability analysis and detection. Last but not least, I would like to share ongoing work for potential collaboration.