The invention relates to an Android malware static detection method based on random forest and belongs to the technical field of network security. According to the method, characteristic vectors consisting of permissions, monitored system events, sensitive APIs and permission rates are constructed, a training model and a prediction model of Android malware based on a random forest algorithm in support machine learning are established, then, the validity of the models is verified through sample calculation with a tenfold cross validation method. The prediction accuracy of the model can reach 89.91%. The method has the significant advantages as follows: 1) main characteristics involved in each Android application are acquired with a simple and quick static analysis method, besides, no dynamic tracking is involved, and the characteristics of low cost and high efficiency are realized; 2) the used four groups of characteristic vectors comprising the permissions, monitored system events, sensitive APIs and permission rates can be captured easily by each Android application, and the method is easy to popularize on an Android platform.