
An Automatic Generation System for Android Application Malicious Behavior Detection Rules Based on Quark Engine

Automatic Android Malware Detection Rule Generation based on Quark Engine

Abstract


With the arrival of the smart mobile device era, Android has become the mobile operating system with the highest market share, and attackers have accordingly made Android devices their criminal target. Quark Engine is an open-source Android malware analysis tool; malware analysts can use the analysis intelligence produced by Quark Engine to quickly locate a sample's malicious behavior. Quark Engine is also a rule-based detection engine, meaning that the number of detection rules is proportional to its practicality. However, writing rules by hand carries an excessive labor cost, and the quality of the rules depends on how much security experience the malware analyst has. The Quark team has therefore already developed two generations of automatic rule generation systems. To overcome the bottlenecks of the first two generations, namely low rule output efficiency and the excessive labor cost of manually screening rules, this study proposes a third-generation system and evaluates it on two kinds of real malware samples, comparing the hit rate (the ratio of effective rules to generated rules) and the rule generation rate (the ratio of generated rules to the amount of computation) of the rules produced by the three versions. The experimental results show that the third-generation automatic rule generation system achieves an average hit rate of 49.6% and an average rule generation rate of 26.1%, both far higher than the previous two generations. The results indicate that the third-generation rule generation system is the most cost-effective version. However, the system still has room for improvement in optimizing the rule screening process and the target function selection process. Based on these two points, this study proposes directions and suggestions for future research.

Abstract (English)


With the advent of the smartphone era, the Android operating system has the highest market share worldwide on mobile devices. Consequently, the Android platform has become the biggest target for threat actors. Quark Engine is an open-source Android malware analysis system that provides threat intelligence on Android malware. It helps threat researchers quickly detect the behavior in malware samples. Since Quark Engine is a rule-based system, the number of Quark rules is proportional to its practicality. However, manually creating rules is time-consuming and labor-intensive. In addition, the quality of Quark rules depends on the experience of the threat researcher. Therefore, the Quark team has developed two versions of a Quark rule generation system. To address the drawbacks of those systems, this study presents the third version of the rule generation system. We experiment with two different families of Android malware samples. The experiment compares accuracy (the ratio of the number of effective rules to the number of output rules) and productivity (the ratio of the number of output rules to the amount of computation). The result shows that the third version of the rule generation system achieves 41.5% accuracy and 26.1% productivity on average, both much higher than the other versions of the rule generation system. Thus, the result shows that the third version is the most efficient system. Finally, we propose several suggestions for improvement, including the process of rule selection and the target function selection.
