Joint malware detection between users and devices based on digital signature validation and/or event correlation on Android devices
Conventional controls for detecting malicious software that compromises applications on smartphones running the Android operating system, as used between 2012 and the first half of 2018, require a malware sample to perform detection. Most security controls analyze applications in the cloud rather than locally on the device. Other controls are limited to the applications offered in the Google Play Store. In addition, for neutralization to be effective, most controls require special skills that most Android end users do not have. In this project, these techniques are analyzed, their detection methods are compared, and their shortcomings are recorded. With the information obtained from these analyses, an application for the Android operating system is designed and implemented on mobile devices: CAM (Control for Mobile Applications). To ensure the integrity of applications, CAM checks whether they have been tampered with by malware, through digital signature validation and event correlation. CAM proposes a strategy of co-responsibility between mobile application developers and the community of users of the operating system, based on active defense, so that security becomes an attribute of the system instead of just a complementary service. Under the co-responsibility strategy, developers and users publish white-list databases of their applications' main operational events, which are then contrasted with the information generated by those applications' events. In that way, the collected information may improve the detection and mitigation of cyber threats such as espionage, information leakage, identity theft, password stealing, and remote device control through trojans (bots). The co-responsibility strategy also aims to educate users about cyber security through the delivery of efficient alerts.
For this degree project, statistical records were compiled of the mobile devices with the most used Android operating system distributions between 2015 and 2018, and a laboratory of virtual machines was built to simulate those Android distributions; their main features and operational events, such as permissions, signatures, and traffic, were examined. The selected applications were modified with the Meterpreter for Android package of the Metasploit framework. To detect indicators of compromise in the infected applications, applications such as Package Info, RL Permissions and Network Connections, among others, were used. The results of these experiments made possible the development of the CAM platform for Android with a client-server architecture. The CAM platform is responsible for storing and correlating the valid operational events of legitimate applications in a white list. This white list is used to provide efficient reports to users, so that they can identify and avoid cases in which a mobile application generates a cyber threat on a smartphone.
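The white-list correlation described above can be sketched as follows. This is an added example, not code from CAM or from the thesis: the `Profile` schema, the package name, the certificate bytes and the hosts are all constructed assumptions, chosen to cover the three event types the abstract names (signatures, permissions, traffic).

```python
import hashlib
from dataclasses import dataclass

def cert_digest(cert_der: bytes) -> str:
    """SHA-256 of the signing certificate, as hex."""
    return hashlib.sha256(cert_der).hexdigest()

@dataclass(frozen=True)
class Profile:
    """Operational events for one package (hypothetical schema)."""
    signer: str                          # digest of the signing certificate
    permissions: frozenset = frozenset() # requested permissions
    hosts: frozenset = frozenset()       # remote endpoints expected or seen

# Constructed white list: what the developer published for the app.
DEV_CERT = b"constructed developer certificate"
WHITELIST = {
    "com.example.notes": Profile(
        signer=cert_digest(DEV_CERT),
        permissions=frozenset({"android.permission.INTERNET"}),
        hosts=frozenset({"api.example.com:443"}),
    ),
}

def correlate(package: str, observed: Profile, whitelist=WHITELIST) -> list:
    """Return findings where observed events depart from the white list."""
    expected = whitelist.get(package)
    if expected is None:
        return ["unknown-package"]       # no baseline, nothing to vouch for
    findings = []
    if observed.signer != expected.signer:
        findings.append("signer-mismatch")
    for perm in sorted(observed.permissions - expected.permissions):
        findings.append(f"extra-permission:{perm}")
    for host in sorted(observed.hosts - expected.hosts):
        findings.append(f"unexpected-host:{host}")
    return findings

# Constructed observations: the genuine build, then a re-signed copy that
# requests more permissions and contacts an endpoint the developer never listed.
GENUINE = Profile(cert_digest(DEV_CERT),
                  frozenset({"android.permission.INTERNET"}),
                  frozenset({"api.example.com:443"}))
REPACKAGED = Profile(cert_digest(b"constructed other certificate"),
                     frozenset({"android.permission.INTERNET",
                                "android.permission.READ_SMS"}),
                     frozenset({"api.example.com:443", "198.51.100.7:8443"}))

if __name__ == "__main__":
    print(correlate("com.example.notes", GENUINE))
    print(correlate("com.example.notes", REPACKAGED))
```

A package with no white-list entry is reported as unknown rather than clean, since without a published baseline there is nothing to correlate against.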