Research has shown that the android permission model was insufficient for providing protection against malicious behaviors of the untrusted third-party applications. To improve this scenario, Google modified the permission model in the recent Android version. However, in our analysis, it is still not an ideal option to enforce fine-grained access control. In this paper, we propose an extension and implementation of the Android permission model, ZoneDroid, to control a set of applications easily by creating multiple application zones (i.e., application groups). It is an approach to control application groups by modifying the Android permission model. All other previous approaches focused on restricting individual applications or creating separate user profiles. ZoneDroid minimizes security and privacy risks with a finer granularity of restrictions. Users can also control multiple devices using the cloud. Different zones (high privilege, trusted, new, restricted, etc.) have different runtime policies and enforce fine-grained access control. The ability to control application groups efficiently can be a valuable addition to the existing Android permission model. Experiments show that ZoneDroid is effective against information leak and it can protect the device from becoming a part of a botnet. ZoneDroid offers much less user action when controlling multiple applications and its performance overhead is negligible.