The Binder framework is at the core of Android systems due to its fundamental role for interprocess communications. Applications use the Binder to perform high level tasks such as accessing location information. The importance of the Binder makes it an attractive target for attackers. Rootkits on Android platforms can arbitrarily access any Binder transaction data and therefore have system-wide security impact. In this paper, we propose H-Binder to secure the Binder IPC channel between two applications. It runs transparently with Android and COTS applications without making changes on their binaries. In this work, we design a bare-metal ARM hypervisor with a tiny code base at runtime. The hypervisor interposes on the main steps of a Binder transaction by leveraging ARM hardware virtualization techniques. It protects secrecy and integrity of the Binder transaction data. We have implemented a prototype of the H-Binder hypervisor and tested its performance. The experiment results show that H-Binder incurs an insignificant overhead to the applications.