A detection method based on behaviors of running mobile applications is proposed in this paper. It can detect all mobile application software and judge whether they are tampered or harmful. Further more, applications are signed and then the authoritative white list library can be established. Therefore, the events of mutual malicious detection between companies can be avoided.