
整合靜態分析及動態分析結果 作為機器學習標準的 Android惡意程式偵測系統

An Android Machine Learning Malware Detection System Using the Result of Static Analysis and Dynamic Analysis as the Features

Advisor: 曾文貴

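Abstract

Today's smartphones offer a wide variety of powerful functions, so more and more people use them as portable personal computers. Android is a smartphone system with a very large user base; many users like its openness, but malware developers also exploit that openness to harm users. Current antivirus software detects malware by recognizing signatures, but Android malware is evolving so quickly that obtaining signatures is too slow a means of identification, and users cannot obtain real protection by installing antivirus software. This thesis therefore proposes a system that combines static analysis and dynamic analysis, carrying out both kinds of analysis to obtain multifaceted features of an application, and uses machine learning algorithms to classify these features in order to determine whether the application is malware. For the dynamic analysis part, this thesis implements an automatic behavior trigger program that can recognize the user interface, so as to simulate a user's operation of the application more realistically and reliably trigger the application's functions; it also proposes a new kind of feature that uses the order of the system calls made during application execution to improve the malware detection rate. This thesis also obtained a large number of application samples and confirmed that, using this behavior trigger and these features, malware can be identified accurately.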

Parallel Abstract

Nowadays, smartphones offer many functions, so more and more people use their smartphone as a portable personal computer. Android is a smartphone system with a large number of users. Many users like its ability to install apps from unverified sources, but attackers also use this ability to harm users. Antivirus software usually uses signatures to detect malware, but Android malware develops too quickly. This method is too slow, so users cannot protect themselves by installing antivirus software on their smartphones. In this paper, we present an Android machine learning malware detection system. This system uses the results of static analysis and dynamic analysis as its features for machine learning and determines whether an application is malware. For the dynamic analysis, we propose an automatic behavior trigger that can identify the user interface on the screen. This behavior trigger simulates the events of a user's interaction with the app to trigger the app's functions. We also propose a new feature set that records the sequence of system calls to raise the detection rate. We collected a large number of samples to show that our system can use this behavior trigger and this feature set to distinguish malware from normal apps.


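Cited By

蔡旻翮 (2017). An Android malware detection system using a machine learning model that combines measurement of important functions with the degree of user interaction [Master's thesis, National Chiao Tung University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0030-2212201712272164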
