
行動裝置上惡意軟體行為偵測之研究-以Android為例

A Behavior-Based Malware Detection Study on the Android Devices

Advisor: 陳志誠

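Abstract


In recent years, with the rapid development of mobile broadband technology, smartphones have gradually replaced traditional mobile phones and become the mainstream of the handset market. Because smartphones store a wealth of personal private information, Trojans that steal personal private data account for the highest proportion of the mobile malware currently found by security vendors; the accompanying information and communication security issues of smart mobile devices are the focus of this thesis. This thesis targets the anomalous network behavior that arises because malware must connect outward to send stolen data to a specific host, and proposes an approach for detecting malware behavior on mobile devices. A wireless network monitoring environment was actually set up and, through experiments using Android phones as an example, the anomalous network behavior characteristics of malware and normal software were compared, verifying that the approach can detect the anomalous network behavior of a phone infected with malware. The experimental results further show that this detection method can detect the network behavior not only of known malware but also of unknown malware. Existing research on mobile malware behavior detection requires a specific operating platform and known samples before detection can be performed. The greatest contribution of the detection method proposed in this study is that it is not limited to a particular mobile device operating platform and can give a preliminary confirmation of whether the mobile device exhibits anomalous network behavior. Because no complex detection environment needs to be built, it can be used by ordinary users for self-checking and can also serve as a reference for enterprises strengthening security inspection of smartphones or mobile devices.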

Parallel Abstract


Thanks to the vigorous development of mobile broadband in recent years, smartphones have gradually replaced traditional cell phones and become the mainstream of the cell phone market. Because abundant private information is stored on smartphones, and according to mobile malware reports from information security companies, Trojans that steal private information have become the most infamous kind of malicious software. This research focuses on the information and communication security issues of smart mobile devices. It targets the abnormal behavior trait that malware has to connect to the external network and transmit the stolen data to specific servers, proposes a method to detect such malware, and sets up an actual environment for wireless network monitoring. Through experiment, taking the Android smartphone as an example, the research compares the abnormal network behavior characteristics of malware and normal software, and verifies that the method can detect the abnormal network behavior of infected phones. Moreover, the experiment shows that this detection method detects not only known malware network behavior but also unknown malware network behavior. At present, research on detecting mobile malware behavior is still limited to specific operating platforms and known samples. The greatest contribution of this detection method is that it can give an initial confirmation of abnormal behavior on a mobile device regardless of its operating platform. Because it does not require setting up a complicated environment, the method can be offered to general users for self-checking, and it can also serve as a reference for enterprises strengthening information security inspection of smartphones or mobile devices.
