diff --git a/services/abilitymgr/include/ability_manager_service.h b/services/abilitymgr/include/ability_manager_service.h
index 2bcc0314ac1d407ab69e376f276f48a8a46d4990..c9234f9665a6e1fbd2a8211770b96cd83da2898d 100644
--- a/services/abilitymgr/include/ability_manager_service.h
+++ b/services/abilitymgr/include/ability_manager_service.h
@@ -2825,6 +2825,8 @@ private:
 
     int32_t ProcessUdmfKey(
         const Want &want, uint32_t targetTokenId, AppExecFwk::ExtensionAbilityType extensionType);
+
+    bool IsAllowAttachOrDetachAppDebug(AppExecFwk::ApplicationInfo &appInfo);
 #ifdef BGTASKMGR_CONTINUOUS_TASK_ENABLE
     std::shared_ptr<BackgroundTaskObserver> bgtaskObserver_;
 #endif
diff --git a/services/abilitymgr/src/ability_manager_service.cpp b/services/abilitymgr/src/ability_manager_service.cpp
index 0c215ea9f69239b57ddcdae2c87e3b779945e1e7..80089a97523d249734ab36a6b70ce39d1e8d4b3c 100644
--- a/services/abilitymgr/src/ability_manager_service.cpp
+++ b/services/abilitymgr/src/ability_manager_service.cpp
@@ -334,6 +334,7 @@ constexpr const char* LIFE_CYCLE_PRELOAD = "preload";
 constexpr uint32_t TARGET_TYPE_INIT = 100;
 constexpr int64_t USER_SWITCH_TIMEOUT = 3 * 1000; // 3s
 constexpr const char* SUPPORT_LINKAGE_SCENE = "const.window.supportLinkageScene";
+constexpr const char* ALLOW_DEBUG_PERMISSION = "persist.sys.abilityms.allow_debug_permission";
 
 const bool REGISTER_RESULT =
     SystemAbility::MakeAndRegisterAbility(DelayedSingleton<AbilityManagerService>::GetInstance().get());
@@ -12372,9 +12373,15 @@ int32_t AbilityManagerService::AttachAppDebug(const std::string &bundleName, boo
 
     int32_t err = ERR_OK;
     int32_t userId = GetValidUserId(DEFAULT_INVAL_VALUE);
-    if ((err = StartAbilityUtils::CheckAppProvisionMode(bundleName, userId)) != ERR_OK) {
-        TAG_LOGE(AAFwkTag::ABILITYMGR, "CheckAppProvisionMode returns errcode=%{public}d", err);
-        return err;
+    AppExecFwk::ApplicationInfo appInfo;
+    if (!StartAbilityUtils::GetApplicationInfo(bundleName, userId, appInfo)) {
+        TAG_LOGE(AAFwkTag::ABILITYMGR, "Get application info failed: %{public}s", bundleName.c_str());
+        return ERR_INVALID_VALUE;
+    }
+
+    if (!IsAllowAttachOrDetachAppDebug(appInfo)) {
+        TAG_LOGE(AAFwkTag::ABILITYMGR, "release application or check permission error");
+        return ERR_NOT_IN_APP_PROVISION_MODE;
     }
 
     ConnectInitAbilityDebugDeal();
@@ -12401,9 +12408,15 @@ int32_t AbilityManagerService::DetachAppDebug(const std::string &bundleName, boo
 
     int32_t err = ERR_OK;
     int32_t userId = GetValidUserId(DEFAULT_INVAL_VALUE);
-    if ((err = StartAbilityUtils::CheckAppProvisionMode(bundleName, userId)) != ERR_OK) {
-        TAG_LOGE(AAFwkTag::ABILITYMGR, "CheckAppProvisionMode returns errcode=%{public}d", err);
-        return err;
+    AppExecFwk::ApplicationInfo appInfo;
+    if (!StartAbilityUtils::GetApplicationInfo(bundleName, userId, appInfo)) {
+        TAG_LOGE(AAFwkTag::ABILITYMGR, "Get application info failed: %{public}s", bundleName.c_str());
+        return ERR_INVALID_VALUE;
+    }
+
+    if (!IsAllowAttachOrDetachAppDebug(appInfo)) {
+        TAG_LOGE(AAFwkTag::ABILITYMGR, "release application or check permission error");
+        return ERR_NOT_IN_APP_PROVISION_MODE;
     }
 
     return IN_PROCESS_CALL(DelayedSingleton<AppScheduler>::GetInstance()->DetachAppDebug(bundleName));
@@ -15369,5 +15382,18 @@ int32_t AbilityManagerService::ProcessUdmfKey(
     }
     return ERR_OK;
 }
+
+bool AbilityManagerService::IsAllowAttachOrDetachAppDebug(AppExecFwk::ApplicationInfo &appInfo)
+{
+    if (appInfo.appProvisionType == AppExecFwk::Constants::APP_PROVISION_TYPE_DEBUG) {
+        return true;
+    }
+    bool isDebugEnabled = OHOS::system::GetBoolParameter(ALLOW_DEBUG_PERMISSION, false);
+    if (isDebugEnabled && AccessTokenKit::VerifyAccessToken(appInfo.accessTokenId,
+        PermissionConstants::PERMISSION_ALL_DEBUG , false) == AppExecFwk::Constants::PERMISSION_GRANTED) {
+        return true;
+    }
+    return false;
+}
 }  // namespace AAFwk
 }  // namespace OHOS
diff --git a/services/common/include/permission_constants.h b/services/common/include/permission_constants.h
index d8b230048d311013931d26a7f7c95e536b5df25b..0c963f7b6339e3f9b05358d4ff748ea8a11dde1b 100644
--- a/services/common/include/permission_constants.h
+++ b/services/common/include/permission_constants.h
@@ -82,6 +82,7 @@ constexpr const char* PERMISSION_SUPPORT_APP_SERVICE_EXTENSION = "ohos.permissio
 constexpr const char* PERMISSION_MANAGE_EDM_POLICY = "ohos.permission.MANAGE_EDM_POLICY";
 constexpr const char* PERMISSION_TRIGGER_LOCAL_WANTAGENT = "ohos.permission.TRIGGER_LOCAL_WANTAGENT";
 constexpr const char* PERMISSION_GET_EDM_CONFIG = "ohos.permission.GET_EDM_CONFIG";
+constexpr const char* PERMISSION_ALL_DEBUG = "ohos.permission.kernel.ALLOW-DEBUG";
 } // namespace PermissionConstants
 } // namespace AAFwk
 } // namespace OHOS