Applications within mobile devices, although useful and entertaining, come with security risks to private information stored within the device such as name, address, and date of birth. Standards, frameworks, models, and metrics have been proposed and implemented to combat these security vulnerabilities, but they remain to persist today. In this review, we discuss the risk calculation of android applications which is used to determine the overall security of an application. Besides, we also present and discuss the permission-based access control models that can be used to evaluate application access to user data. The study also focuses on examining the predictive analysis of security risks using machine learning. We conduct a comprehensive review of the leading studies accomplished on investigating the vulnerabilities of the applications for the Android mobile platform. The review examines various well-known vulnerabilities prediction models and highlights the sources of the vulnerabilities, prediction technique, applications and the performance of these models. Some models and frameworks prove to be promising but there is still much more research needed to be done regarding security for Android applications.