  • Conference paper
  • OpenAccess

An SVM-Based Malicious Packet Detection System for Mobile Phones

Abstract


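In recent years smartphones have developed rapidly, with Android and iOS as the dominant operating systems. As smartphone use becomes more widespread, users increasingly store personal information on their phones, such as contact information, e-mail account credentials, and personal e-wallets. For these reasons, attackers have shifted their targets from PCs to phones, and they collect large amounts of users' private information by compromising phones. Android, however, allows third-party apps to be installed without official certification, and a malicious app can use the permissions granted by the user to collect personal information and send it to the attacker's server, or to execute malicious code sent from the attacker's server. This research proposes a system for monitoring malicious packets on phones, designed around an agent-based concept. A network-monitoring app is downloaded to the phone; the app saves the phone's network packets to a pcap file and sends it to a server, which uses an SVM (Support Vector Machine) to analyze whether the packets show malicious behavior, and the analysis results can be viewed through a mobile app. This research proposes an Android smartphone malware detection system that can determine whether an app running on the phone behaves maliciously. The agent app collects network behavior on the device, such as the parameters carried by GET packets and the JSON data in POST packets, stores this data in a pcap file, and transmits it to the server over HTTPS. The server uses libpcap to extract the GET and POST packets from the pcap file and uses them as feature vectors, then applies the SVM classification algorithm to determine whether there is malicious behavior. The system stores the results in a database so that users can query them later. Users can check through the system's app whether a malicious app is currently running on the phone; if malicious behavior is detected, the app pops up a notification to alert the user.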

Keywords

Android, malicious detection, SVM, modeling

Parallel Abstract


Smartphones have become very popular, and almost all mobile systems run Android or iOS. People store personal and sensitive data on their smartphones, such as account numbers, passwords and contacts. For this reason, hackers have changed their targets from PCs to smartphones. Android allows smartphones to install third-party apps which are not authenticated by Google. Malware apps ask users for permissions. If the users grant the permissions, the malware apps can steal the sensitive data and send it to the hacker's server. The hackers then respond with malware code or commands, which are executed on the user's phone. This research proposes an Android malware detection system that monitors network packets and uses the concept of an agent. The agent app collects the network packets and stores them in a pcap file, which is uploaded to the server. The server uses libpcap to extract the GET features and POST features, and the features are then stored in a database. The research uses the SVM classifier algorithm to analyze the features. The SVM creates a model from the training data to analyze the test data. If the pcap file has malware features, the server sends a Google Cloud Message to the agent app, and the agent app notifies the user. The contribution of this research is the development of a malware detection system for Android that protects the user's sensitive data. The infrastructure and malware features are valuable for researchers working on Android security and can improve development in both industry and research.
