As the penetration rate of smart mobile devices has increased, threats targeting the Android platform, which accounts for the majority of mobile operating systems, have increased. As a typical example, a fake Korea Financial Supervisory Service application(app) appeared at the end of 2017. When users installed this app and called the Financial Supervisory Service, there was a case of fake loan consultation, which resulted in financial loss and leakage of personal information. There have been a variety of malicious apps targeting mobile devices. As a result, it became necessary to detect the risks to such malicious apps and to make decisions about the apps. In this paper, we created a model to evaluate the risk of apps in Android and define the characteristics of each element. In addition, the risk from the model is used to make a risk map for decision making using unsupervised algorithms. To make the risk map in this paper uses the data of 2970 apps that is malicious or benign. As a result of the experiment, some of the benign apps were classified as very high risk. They had a lot of high-risk permissions, and there was a need for users to be careful. The results of this study can help users know the exact risk of Android apps and help detect unknown malicious apps.