The rapid growth of smartphones has lead to a renaissance for mobile application services. Android and iOS now as the most popular smartphone platforms offer a public marketplace respectively, the Android Market and App Store- but operate with dramatically different approaches to prevent malware on their devices. In Android platform, developer not only can directly deliver their apps on the Android market without strict review process, but also is capable to put the non-official verified apps marketplace (i.e., Applanet, AppBrain and so on). In this study, we purpose an automatic Android malware detection mechanism based on the result from sandbox. We leverage network spatial feature extraction of Android apps and independent component analysis (ICA) to find the intrinsic domain name resolution behavior of Android malware. The proposed mechanism that identifies the Android malware can achieve in automatic way. For evaluation the proposed approach, the public Android malware apps dataset and popular benign apps collected from Android Market are used for evaluating the effectiveness in analyzing the grouping ability and the effectiveness of identifying the Android malware. The proposed approach successfully identifies malicious Android Apps close to 100% accuracy, precision and recall rate.