November 9–13, 2009, Chicago, Illinois, USA | William Enck, Machigar Ongtang, and Patrick McDaniel
The paper introduces Kirin, a lightweight security service for Android that performs application certification at install time to mitigate malware. Kirin uses security rules, which are templates designed to match undesirable security configurations in applications. The authors use a variant of security requirements engineering techniques to produce a set of rules that match malware characteristics. In a sample of 311 popular applications from the official Android Market, Kirin and the rules found 5 applications with dangerous functionality, requiring extreme caution for installation. Another five applications asserted dangerous rights but were within reasonable functional needs. The results indicate that security configurations bundled with Android applications can effectively detect malware. The paper also discusses the design and implementation of Kirin, its evaluation, and related work.
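To make the install-time rule matching concrete, here is an added illustration (not code from the paper or from Kirin itself) of how a certification service can read an application's security configuration from its manifest and test it against rule templates. The two rules and both manifests are constructed for this example; they are not the paper's rule set or its sample applications.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Illustrative rule templates (constructed for this example, not the paper's rules).
# A rule matches when the app requests every listed permission AND registers a
# broadcast receiver for every listed action; matching flags the configuration.
RULES = {
    "eavesdropper": {
        "permissions": {"android.permission.RECORD_AUDIO",
                        "android.permission.READ_PHONE_STATE",
                        "android.permission.INTERNET"},
        "actions": set(),
    },
    "sms_interceptor": {
        "permissions": {"android.permission.RECEIVE_SMS"},
        "actions": {"android.provider.Telephony.SMS_RECEIVED"},
    },
}

def manifest_config(manifest_xml):
    """Extract the configuration the rules reason about: requested permissions
    and the broadcast actions subscribed to by the app's receivers."""
    root = ET.fromstring(manifest_xml)
    perms = {el.get(ANDROID + "name") for el in root.iter("uses-permission")}
    actions = {a.get(ANDROID + "name")
               for r in root.iter("receiver") for a in r.iter("action")}
    return perms, actions

def matched_rules(manifest_xml):
    """Names of rules whose required permissions and actions the app satisfies."""
    perms, actions = manifest_config(manifest_xml)
    return sorted(name for name, rule in RULES.items()
                  if rule["permissions"] <= perms and rule["actions"] <= actions)

def install_allowed(manifest_xml):
    # Certification succeeds only when no rule template matches.
    return not matched_rules(manifest_xml)

# Constructed sample manifests (hypothetical package names).
SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="example.sms">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><receiver android:name=".SmsWatcher"><intent-filter>
    <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
  </intent-filter></receiver></application></manifest>"""
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="example.news">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application/></manifest>"""

if __name__ == "__main__":
    print("suspicious:", matched_rules(SUSPICIOUS), "benign:", matched_rules(BENIGN))
```

A matched rule is a signal for the installer or user to weigh, which is how the paper separates applications with dangerous functionality from those whose dangerous rights fit their legitimate purpose.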