For enforcing security, Android platform uses authorizing system which grants permission per application at install-time. With authorized privilege, user applications can modify and delete user's personal information. Therefore, inspection of granted permiss ion usage can be used to detect security vulnerabilities. ISO/IEC 25 010 defines software product security characteristic and provides g uidelines to evaluate software product quality. Among sub-characte ristics of security, Authenticity is related to Android permission sys tem. In this paper, we present authenticity metric for android application. This metric can quantify the permission usage of applicatio n and measured information can be used to classify the malware applications. To verify the applicability of metric, we perform evaluat ion to benign and malware application and compare its results.