In the past few years, both the industry and the academic communities have developed several approaches to detect malicious Android apps. State-of-the-art research approaches achieve very high accuracy when performing malware detection on existing datasets. These approaches perform their malware classication tasks in an "oine" scenario, where malware authors cannot learn from and adapt their malicious apps to these systems. In real-world deployments, however, adversaries get feedback about whether their app was detected, and can react accordingly by transforming their code until they are able to inuence the classication. In this work, we propose a new approach for detecting Android malware that is designed to be resilient to feature-unaware perturbations without retraining. Our work builds on two key ideas. First, we consider only a subset of the codebase of a given app, both for precision and performance aspects. For this paper, our implementation focuses exclusively on the loops contained in a given app. We hypothesize, and empirically verify, that the code contained in apps' loops is enough to precisely detect malware. This provides the additional benets of being less prone to noise and errors, and being more performant. The second idea is to build a feature space by extracting a set of labels for each loop, and by then considering each unique combination of these labels as a dierent feature: The combinatorial nature of this feature space makes it prohibitively dicult for an attacker to inuence our feature vector and avoid detection, without access to the specic model used for classication. We assembled these techniques into a prototype, called LMC, which can locate loops in applications, extract features, and perform classication, without requiring source code. We used LMC to classify about 20,000 benign and malicious applications. While focusing on a smaller portion of the program may seem counterintuitive, the results of these experiments are surprising: our system ACM acknowledges that this contribution was authored or co-authored by an employee, contractor, or aliate of the United States government. As such, the United States government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for government purposes only.