With　the　function　of　Android　intelligent　terminal　becoming　more　and　more　popular,　it　is　exposed　to　various　security　threats.　This　paper　makes　a　brief　summary　of　the　Android　system　framework　and　Android　security　mechanism.　With　the　current　two　kinds　of　vulnerability　mining　methods:　static　analysis　and　dynamic　analysis,　we　make　a　summary　of　Android　vulnerabilities,　defense　researches　and　achievements.　In　this　paper　we　analysis　some　factors　of　privilege　escalation　vulnerability,　Application　component　leaks,　digital　signature　vulnerability　and　kernel　vulnerability,　which　lays　a　theoretical　foundation　for　the　Android　vulnerability　analysis　and　mining.