As mobile applications become popular, they become the new target of attackers. For Android platforms, adversaries can easily repackage the malicious code into the different benign applications for distribution. The work of detecting and analyzing the malicious application becomes a challenge of Android. Though, the repackaged applications have different outward appearances, the same malicious behaviors still appear during runtime. Therefore, we propose a behavior-based detection mechanism based on system call sequences. We extract the common system call subsequences of malicious applications and purpose a comparison approach to deal with multiple threads produced by the applications. We also utilize the Bayes probability model to filter subsequences which have lower probability of appearance in the repackaged applications. Finally, we can detect repackaged applications by those extracted subsequences. In our experiment, we use five different types of repackaged applications and 100 benign applications to evaluate the accuracy rate. The detection result demonstrates that our approach has 97.6% high accuracy. We evaluate 25 repackaged applications and miss only one evaluated target.