With the increasing capabilities of mobile devices such as smartphones and tablets, there are more and more mobile sensing applications such as air pollution monitoring and healthcare. These applications usually aggregate the data contributed by mobile users to infer about people's activities or surroundings. Mobile sensing can only work properly if the data provided by users is adequate and trustworthy. However, mobile users may not be willing to submit data due to privacy concerns, and they may be malicious and submit forged data to cause damage to the system. To address these problems, this paper proposes a novel privacy-aware and trustworthy data aggregation protocol for mobile sensing. Our protocol allows the server to aggregate the data submitted by mobile users without knowing the data of individual user. At the same time, if malicious users submit invalid data, they will be detected or the polluted aggregation result will be rejected by the server. In this way, the malicious users' effect on the aggregation result is effectively limited. The detection of invalid data works even if multiple malicious users collude. Security analysis shows that our scheme can achieve the trustworthy and privacy preserving goals, and experimental results show that our scheme has low computation cost and low power consumption.