With the popularization of mobile Internet, the Android operating system has become the main target of malware attacks because of its openness. Traditional malware detection methods face challenges in handling complex feature representations, especially in utilizing the semantic information and call order of application programming interface call sequences. Therefore, this study develops a deep learning method to identify malicious software by analyzing the application programming interface calls and constructing heterogeneous graphs of Android applications. The results showed that the proposed method achieved accuracies of 92.80% and 94.24% on the Drebin and AndroZoo datasets, demonstrating excellent robustness and generalization ability. The ablation experiment showed that the accuracy of the complete model was 94.71%, verifying the key role of each part of the method. In comparison with existing methods, the proposed method led with an average accuracy of 94.27%, while maintaining detection time within 5–10 s, demonstrating high efficiency and practicality. This study contributes to the in-depth exploration of semantic information and behavioral patterns of application programming interface call sequences. The efficient malware identification method developed can cope with the constantly evolving malware threats.