Android system dominates the mobile operating systems at present. Compared with iOS system, Android system is more open and has lots of third-party markets with loose audit mechanism. Therefore, there are more malwares in Android platform. In this paper, an Android security analysis based on sensitive path identification, which includes the static analysis and machine learning methods, is presented. Firstly, since malicious behaviors in malwares have their trigger conditions, the definition of sensitive path is provided. Secondly, a method is proposed to generate the inter-component call graph based on APK files base in the fact that there are a lot of inter-component call relations in Android applications. Thirdly, since the sensitive paths cannot be directly used as features, a method is designed to abstract the sensitive paths. Finally, 493 applications APK files are collected from Android markets and the existing data sets, such as Google Play, Wandoujia and Drebin, to construct a benchmark. Experiments indicate that the proposed method has higher accuracy (97.97%) than the method based on API-feature (90.47%), and its precision, recall and F-measure are also better than API-feature method. Furthermore, the scale of the APK file has influence to the experiment results, especially in analyzing time (when the APK files are within 0-4MB, the average analyzing time is 89 seconds; and when the files become larger, the time increases significantly).