Abstract:
With the rapid advancement of technology today, smartphones have become more and more powerful and attract a huge number of users with new features provided by mobile device operating systems such as Android. However, due to its security vulnerabilities, hackers and cybercriminals constantly attack Android mobile devices. Thus, research on effective and efficient mobile threat analysis has become an emerging and important topic in the cybersecurity research area, using various security analysis and evaluation strategies such as static analysis and dynamic analysis. In this paper, we propose a hybrid approach which aggregates static and dynamic analysis for detecting security threats and attacks in mobile apps. In our approach, we implement the unification of data states and software execution on the critical test path. Our approach has two phases. We first perform the static analysis to identify the possible attack critical path based on the Android API and the existing attack patterns; next, we perform the dynamic analysis, which follows the path to execute the program in a limited and focused scope and detects the attack possibility by checking conformance of the detected path with the existing attack patterns. In the second phase of runtime dynamic analysis, dynamic inspection will report the type of attack scenarios with respect to the type of confidential data leakage, such as web browser cookies, without accessing any real critical and protected data sources in mobile devices.
Published in: 2016 IEEE 7th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON)
Date of Conference: 20-22 October 2016
Date Added to IEEE Xplore: 12 December 2016