This paper presents an automated method for detecting reflected XSS vulnerabilities of Android Apps. Through identifying and classifying Android Apps components, automatically inputting test cases, clicking on the input box-related buttons and monitoring the results, to determine whether the applications have potential reflected XSS vulnerabilities. Moreover this method implements support for WebView by image processing. Based on this method, a prototyping tool is also implemented. The experiment results demonstrate that this proposed method can detect reflected XSS vulnerabilities of Android Apps with high practicability and effectiveness.