November 9–13, 2009 | William Enck, Machigar Ongtang, and Patrick McDaniel
This paper introduces Kirin, a lightweight security service for Android that performs application certification at install time to mitigate malware. Kirin uses predefined security rules to evaluate the security configuration of Android applications. These rules are derived from security requirements engineering techniques and are designed to detect undesirable properties in the permissions an application requests. The service analyzes the security configuration of each application and flags those that may pose a risk.

In a sample of 311 popular Android applications, Kirin identified 5 applications that implemented dangerous functionality and 5 that asserted dangerous rights but were within reasonable functional needs. These results demonstrate that the security configuration bundled with Android applications can be used to effectively detect malware. Kirin provides a practical approach to mitigating malware and general software misuse in Android. The service is implemented as an Android application that runs on the mobile phone and is designed to be flexible and customizable. The paper also discusses the limitations of existing security enforcement in Android and the challenges of defining practical security rules. Overall, Kirin offers a lightweight and effective method for detecting and mitigating malware in Android applications.
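To make the install-time certification idea concrete, the following is an added example (not code from the Kirin paper or its authors) of a Kirin-style rule checker: it reads the permissions an application requests from its AndroidManifest.xml and rejects the application if any rule's forbidden permission combination is fully present. The three rules and the two sample manifests are constructed for illustration and are assumptions, not the paper's actual rule set; the permission names themselves are real Android permissions.

```python
"""Kirin-style install-time certification over an AndroidManifest.xml.

Added example, not the Kirin project's own code. The rules below are
assumed, illustrative combinations of requested permissions that a
policy author might consider undesirable; the paper defines its own set.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS  # android:name, namespace-qualified

# Each rule: (description, set of permissions that must NOT all be requested together).
# Assumed rules for illustration only.
RULES = [
    ("microphone access combined with network access",
     {"android.permission.RECORD_AUDIO", "android.permission.INTERNET"}),
    ("phone state, location and network access together",
     {"android.permission.READ_PHONE_STATE", "android.permission.INTERNET",
      "android.permission.ACCESS_FINE_LOCATION"}),
    ("SMS reception combined with network access",
     {"android.permission.RECEIVE_SMS", "android.permission.INTERNET"}),
]


def requested_permissions(manifest_xml):
    """Return the set of <uses-permission android:name=...> values in a manifest."""
    root = ET.fromstring(manifest_xml)
    return {e.get(NAME_ATTR) for e in root.iter("uses-permission") if e.get(NAME_ATTR)}


def evaluate(manifest_xml, rules=RULES):
    """Return the descriptions of every rule whose forbidden set is fully requested."""
    perms = requested_permissions(manifest_xml)
    return [desc for desc, forbidden in rules if forbidden <= perms]


def certify(manifest_xml, rules=RULES):
    """Install-time decision: True if no rule is violated, False otherwise."""
    return len(evaluate(manifest_xml, rules)) == 0


# Constructed sample manifests (not taken from any real application).
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""

SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.recorder">
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
</manifest>"""

if __name__ == "__main__":
    for label, manifest in (("benign", BENIGN_MANIFEST), ("suspicious", SUSPICIOUS_MANIFEST)):
        verdict = "certified" if certify(manifest) else "rejected"
        print(label, verdict, evaluate(manifest))
```

The check is deliberately conservative in the same way the paper's results are: a rule fires on the requested permission set alone, so an application that legitimately needs a flagged combination (the "within reasonable functional needs" cases) is also rejected and must be handled by adjusting the rule set rather than by the checker itself.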