Security in Android applications is enforced with access control policies implemented via permissions giving access to different resources on the phone. These permissions are often too coarse and on most Android platforms, based on an all-or-nothing decision. How can we grant permissions and be sure they will not be misused? We propose a policy-based lightweight approach for the verification and certification of Android applications with respect to a given policy. It consists of a verifier running on a conventional computer and a checker residing on an Android mobile device. The verifier applies static analysis to show the conformance between an application and a given policy. It also generates a certificate asserting the validity of the analysis result. The checker, on a mobile device, can then check the validity of the certificate to confirm or refute the fulfilment of the policy by the application before installing it. This scheme represents a potential future model for app stores where apps are equipped with policies and checkable evidence. We have implemented our approach and report on preliminary results obtained for a set of popular real-world applications.