An overview of the Android application components, permissions, and API functions has been performed, taking into account their possible use by malicious applications. Statistics of the use of Android application components, permissions, API functions, and broadcast receiver events in malicious and benign programs have been compiled. To describe the operation of an Android application, a subject-object model of the behavior of an Android application is presented.