Due to the trend that mobile devices are getting more and more popular, smart phone security becomes an important issue nowadays. This paper proposes an Android-based botnet, called JokerBot, to show the possible security problems in mobile devices. This paper describes JokerBot framework. JokerBot designs its own communication mechanism to allow different bots to communicate with each other. An attacker can use JokerBot to trigger many kinds of potential attacks, such as monitoring the SMS messages and location disclosure. Moreover, after a bot is created in a compromised smartphone, it is difficult to locate the botmaster and detect whether the smartphone is infected or not. Finally, this paper proposes some defense mechanisms to protect a smartphone against JokerBot attacks.