Android Source Code Static Analysis Technology Based on Clang Compiler Front-Ends
    Abstract:

    Android phones hold a large share of the global market, and third-party systems derived from Android are also very popular. Because security issues appear frequently in Android systems, this paper uses Clang to compile the Android source code for static analysis. The analysis extracts rules and models from published CVE vulnerabilities and uses an improved Clang to statically analyze the Android source code and detect potentially unsafe code snippets. During the analysis, the Clang static analyzer taints the attack surface and calls the newly added STP constraint solver. It then taints sensitive data through symbolic execution, performs taint analysis on sensitive functions, sensitive operations and sensitive rules, and finally reports unsafe code snippets where there are potential security risks. Experimental analysis shows that this method can accurately identify unsafe source code snippets in the Android source code that carry the same type of security risk, and that it can detect five high-risk CVE vulnerabilities in the libstagefright module.

Get Citation

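Cao Yuanye (曹原野), Ding Liping (丁丽萍). Android Source Code Static Analysis Technology Based on Clang Compiler Front-Ends. Computer Systems & Applications, 2017, 26(10): 1-10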

History
  • Received: January 16, 2017
  • Online: October 31, 2017
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-3
Address:4# South Fourth Street, Zhongguancun,Haidian, Beijing,Postal Code:100190
Phone:010-62661041 Fax: Email:csa (a) iscas.ac.cn