Smartphone has gain a lot of attention in recent years. It pro- vides lots of important features such as checking bank accounts and receive emails. It has been as important as a PC nowadays. As the importance of smartphone arise, the security has became a signicant consideration. Currently, Google has developed an operating system Android with highest market share. So it has been a main target for attackers. Among the attack methods, Root Escalation is one of the most frequently used method to attack Android system. Once the attacker gain root privilege of system, he or she can do almost anything they want, including accessing user's private data and inject malicious ap- plications into the phone. This may cause a lot of damage for user. This paper propose a system called RootGuard. It modies the Linux kernel underlying the Android framework to achieve detecting any illegal behaviours in the system. Further more, it stops the ma- licious applications by applying policies of illegal behaviours. Finally, this system can prevent user from Root Escalation attack.