APIs and permissions are often used as key features in static analysis process. In this paper, we classify applications into three categories according to their APIs and permissions: Benign, Suspicious, and Malicious. To achieve that, we define three levels of analysis. Level 1 has 19 categories like Network, System Summary etc., in a comprehensive meaning. Level 2 has 113 categories of detailed contents of Level 1 classification. In Level 3, not only does it match with the API's interface, class, or public method, but it also matches the permissions according to Level 2 classification. Based on this, API and permission based classification system were constructed as YARA Rule. The API, Class, and Public methods of each application are extracted from AndroidManifest.xml, classes.dex and matched with YARA Rule. We eventually raise user's awareness by providing insights about application behaviors, and let them judge whether to install the application on their devices.