Research Article

On-Device Detection of Repackaged Android Malware via Traffic Clustering

Figure 3

Edge-computing-based framework for on-device Android malware detection. Mobile devices send flow meta-information, such as the app name and the server-side IP address, to the edge. Edge servers capture the apps' network traffic and extract HTTP contents and statistical flow features from it. The features are then sent to the cloud for malware detection. The cloud also interacts with the mobile devices to return the detection results.