The Android operating systems is becoming more popular. Security analysis on Android devices is necessary. We can perform security assessment on difference components of Android operating system such as pre-installed applications component, application framework component, or Linux kernel (Android kernel) component. Most of the current studies focus on pre-installed applications, rather than the rest. However, vulnerabilities may exist in any of these components. The Android kernel is one of the lowest layer components in Android phones. In this study, we proposed a method to analyze security issues in Android kernel. The proposed system can be used to list system calls that need to analyze to detect security issues in Android kernel. By using the proposed system, we analyze the changed system calls only instead of all system calls in the Android Kernel. This method can be used to reduce the time cost of the Android kernel analysis process. According to the experimental results, the proposed system analyzes correctly not only the customized Android kernel but also the Android kernels in the wild.
