
doi: 10.1002/sec.1340
Abstract

Nowadays, because of its increased popularity, Android is the target of a growing number of attacks and malicious applications, with the purpose of stealing private information and consuming credit by subscribing to premium services. Most of the current commercial antivirus solutions use static signatures for malware detection, which may fail to detect different variants of the same malware and zero‐day attacks. In this paper, we present a behavior‐based, dynamic analysis security solution, called Android Malware Detection System, for detecting both well‐known and zero‐day malware. The proposed solution uses a machine learning classifier to differentiate between the behaviors of legitimate and malicious applications. In addition, it uses the application's statistics to determine its reputation. The final decision is based on a combination of the classifier's result and the application reputation. The solution includes a unique and extensive set of data collectors, which gather application‐specific data that describe the behavior of the monitored application. We evaluated our solution on a set of legitimate and malicious applications and obtained a high accuracy of 0.985. Our system is able to detect zero‐day malware samples that are not detected by current commercial solutions. Our solution outperforms other similar solutions running on mobile devices. Copyright © 2015 John Wiley & Sons, Ltd.
