Mobile applications can collect large private user data including user bank details, contact numbers, photos, saved locations, etc. This poses privacy concerns on many users while using mobile applications. In Android 6.0 and above, users can control apps permissions, where the system allows users to grant and block the dangerous apps permissions at any time. However, there are additional permissions used by the apps (normal permissions) that cannot be controlled by users, which may eventually lead to many privacy violations. In this paper, we present a new approach (CUPA) that provides users with the ability to control applications' access to Android system resources and private data based on user-defined policies. This approach allows users to reduce the level of privacy violation by providing them with some options that are not available in the Android permission system during the installation and run-Time of Android apps. The proposed approach enables users to control the behavior of the apps, including the app network connections, permissions list, and app to app communication. The proposed approach consists of three main components that can check the app behaviors during the installation and run-Time, provide the users with resources and data filtration and allow users to take appropriate actions to control the leakage of the application.