Botnets are now a serious threat to the internet . The infected computers will become a puppet (zombie computer), and controlled by attacker unconsciously . This impact not only resulted in leakage of information, system damage , but also make the computers become a springboard for a major network attacks .With the high development of smart phones , the phone is not just for calling or sending messages like before , also contains the ability of surfing the internet and basic processing data ; hence many personal data , passwords , private pictures/videos are stored in the phone. The smart phone has become a mini-PC. So in recent years , many hackers continue to develop viruses , Trojan Horses , bot virus and other malicious software on mobile phones to steal private information , send advertising messages and spam e-mails. Therefore in this paper , we provide a mobile Botnet detection system on Android. Based on the group activities model and abnormal connections metric , installing the Snort IDS to detect real time traffic and the Botnet packet filter to collect abnormal traffic in the frontend. Then upload the abnormal traffic to the detection center . After collecting traffic data from many mobile phones , the center uses similarity algorithms to determine which phone is infected with the bot virus and controlled by attacker.