Mobile devices are used for communication and for tasks that are sensitive and subject to tampering. Attacks can be performed on users' devices without the users' awareness, which represents additional risk in mission-critical scenarios such as Public Protection and Disaster Relief (PPDR). Intrusion Detection Systems (IDS) are important for scenarios where information leakage is of crucial importance, since they make it possible to detect attacks on information assets (e.g., installation of malware), or attacks that can even compromise the security of PPDR personnel. HyIDS is a hybrid IDS for Android that supports the stringent security requirements of PPDR. It comprises agents that continuously monitor the mobile device and periodically transmit the collected data to an analysis framework at the Command Control Center (CCC). The data collection retrieves resource usage metrics for each installed application, such as CPU usage, memory usage, and incoming and outgoing network traffic. At the CCC, HyIDS employs Machine Learning techniques to identify patterns that are consistent with malware signatures, based on the data collected from the applications. The evaluation results for HyIDS demonstrate that the proposed solution has low impact on the mobile device in terms of battery consumption and CPU/memory usage.