This part describes a process that we would like to write a spyware for the Android. It would look like a normal service app and at the same time, silently harvest personal data and send them to a remote server. We only use the Android APIs to achieve our goal without root exploits. We also present the critical privacy issue in Android app developed flow. In order to reach the Android market, the spyware can wilfully use self-signed APIs. Let's look for entry points to steal personal data within these constraints.