diff --git a/services/distributeddataservice/service/udmf/BUILD.gn b/services/distributeddataservice/service/udmf/BUILD.gn
index f8a62d82cdcbc1c4ba80d63277642373c1fae49a..c908469dfbf2d4c2fa31496e34f0b78a6f6b69a4 100644
--- a/services/distributeddataservice/service/udmf/BUILD.gn
+++ b/services/distributeddataservice/service/udmf/BUILD.gn
@@ -19,6 +19,7 @@ config("module_public_config") {
 include_dirs = [
 "${data_service_path}/adapter/include/communicator",
 "${data_service_path}/service/matrix/include",
+ "${data_service_path}/service/permission/include",
 "${data_service_path}/service/udmf/lifecycle",
 "${data_service_path}/service/udmf/permission",
 "${data_service_path}/service/udmf/preprocess",
diff --git a/services/distributeddataservice/service/udmf/preprocess/preprocess_utils.cpp b/services/distributeddataservice/service/udmf/preprocess/preprocess_utils.cpp
index 8280315892e0c2bb0eb7114db71630453f353697..732afb8fc117e331a6e74b5bc4a3946e341f0f48 100644
--- a/services/distributeddataservice/service/udmf/preprocess/preprocess_utils.cpp
+++ b/services/distributeddataservice/service/udmf/preprocess/preprocess_utils.cpp
@@ -32,6 +32,8 @@
 #include "udmf_utils.h"
 #include "utils/crypto.h"
 #include "uri_permission_manager_client.h"
+#include "ipc_skeleton.h"
+#include "bundle_mgr_interface.h"
 namespace OHOS {
 namespace UDMF {
 static constexpr int ID_LEN = 32;
@@ -69,6 +71,7 @@ int32_t PreProcessUtils::FillRuntimeInfo(UnifiedData &data, CustomOption &option
 UnifiedKey key(intention, bundleName, GenerateId());
 Privilege privilege;
 privilege.tokenId = option.tokenId;
+ std::string appId = GetAppId(bundleName);
 Runtime runtime;
 runtime.key = key;
 runtime.privileges.emplace_back(privilege);
@@ -80,6 +83,7 @@ int32_t PreProcessUtils::FillRuntimeInfo(UnifiedData &data, CustomOption &option
 runtime.tokenId = option.tokenId;
 runtime.sdkVersion = GetSdkVersionByToken(option.tokenId);
 runtime.visibility = option.visibility;
+ runtime.appId = appId;
 data.SetRuntime(runtime);
 return E_OK;
 }
@@ -147,6 +151,33 @@ bool PreProcessUtils::GetNativeProcessNameByToken(int tokenId, std::string &proc
 return true;
 }
+std::string PreProcessUtils::GetAppId(const std::string &bundleName)
+{
+ auto samgrProxy = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
+ if (samgrProxy == nullptr) {
+ ZLOGE("Failed to get system ability mgr.");
+ return "";
+ }
+ auto bundleMgrProxy = samgrProxy->GetSystemAbility(BUNDLE_MGR_SERVICE_SYS_ABILITY_ID);
+ if (bundleMgrProxy == nullptr) {
+ ZLOGE("Failed to Get BMS SA.");
+ return "";
+ }
+ auto bundleManager = iface_cast(bundleMgrProxy);
+ if (bundleManager == nullptr) {
+ ZLOGE("Failed to get bundle manager");
+ return "";
+ }
+ int32_t uid = IPCSkeleton::GetCallingUid();
+ int32_t userId = uid / OHOS::AppExecFwk::Constants::BASE_USER_RANGE;
+ std::string appId = bundleManager->GetAppIdByBundleName(bundleName, userId);
+ if (appId.empty()) {
+ ZLOGE("GetAppIdByBundleName failed appId:%{public}s, bundleName:%{public}s, uid:%{public}d",
+ appId.c_str(), bundleName.c_str(), userId);
+ }
+ return appId;
+}
+
 std::string PreProcessUtils::GetLocalDeviceId()
 {
 auto info = DistributedData::DeviceManagerAdapter::GetInstance().GetLocalDevice();
diff --git a/services/distributeddataservice/service/udmf/preprocess/preprocess_utils.h b/services/distributeddataservice/service/udmf/preprocess/preprocess_utils.h
index 5d602b6267d4e6b5b48e7d5c371de82bded66dc4..366dc17c60e1f34450724393d1db11061dbb1e84 100644
--- a/services/distributeddataservice/service/udmf/preprocess/preprocess_utils.h
+++ b/services/distributeddataservice/service/udmf/preprocess/preprocess_utils.h
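Review bot: In `GetAppId` the user id is taken from `IPCSkeleton::GetCallingUid()` while the bundle name is whatever the caller of the function passes in, so the two halves of the lookup are only guaranteed to describe the same app when the function runs on the thread that is serving that app's request. Because the returned appId is compared as an ownership check in `CheckAppId` and in the delete path, the function should carry a comment stating that precondition, for example `// Must run in the IPC context of the requester: userId is derived from the calling uid.` The failure log prints `appId`, which is always empty on that branch, and labels `userId` as `uid`; `ZLOGE("GetAppIdByBundleName failed, bundleName:%{public}s, userId:%{public}d", bundleName.c_str(), userId);` records what was actually looked up. The header already declares `GetBundleMgr()`, which could probably replace the three proxy-acquisition steps here, though its body is not visible in this diff.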
@@ -44,6 +44,7 @@ public:
 static bool GetDetailsFromUData(const UnifiedData &data, UDDetails &details);
 static Status GetSummaryFromDetails(const UDDetails &details, Summary &summary);
 static bool GetSpecificBundleNameByTokenId(uint32_t tokenId, std::string &bundleName);
+ static std::string GetAppId(const std::string &bundleName);
 static sptr GetBundleMgr();
 private:
 static bool CheckUriAuthorization(const std::vector& uris, uint32_t tokenId);
diff --git a/services/distributeddataservice/service/udmf/udmf_service_impl.cpp b/services/distributeddataservice/service/udmf/udmf_service_impl.cpp
index 1ceb45cc8c31ec8eb3c3b032727484ca8aa1cecb..04e0cddd7fa05c16a4c29b30cbf1d034de81251a 100644
--- a/services/distributeddataservice/service/udmf/udmf_service_impl.cpp
+++ b/services/distributeddataservice/service/udmf/udmf_service_impl.cpp
@@ -428,11 +428,15 @@ int32_t UdmfServiceImpl::UpdateData(const QueryOption &query, UnifiedData &unifi
 }
 std::shared_ptr runtime = data.GetRuntime();
 if (runtime == nullptr) {
+ ZLOGW("Invalid parameter, intention: %{public}s.", key.intention.c_str());
 return E_DB_ERROR;
 }
+
 if (runtime->tokenId != query.tokenId && !HasDatahubPriviledge(bundleName)) {
- ZLOGE("Update failed: tokenId mismatch");
- return E_INVALID_PARAMETERS;
+ if (CheckAppId(runtime, bundleName) != E_OK) {
+ ZLOGE("Update failed: tokenId mismatch");
+ return E_INVALID_PARAMETERS;
+ }
 }
 runtime->lastModifiedTime = PreProcessUtils::GetTimestamp();
 unifiedData.SetRuntime(*runtime);
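Review bot: The new `CheckAppId(runtime, bundleName)` fallback in `UpdateData` lets a caller whose token does not match the record still update it, so the check is only as strong as the origin of `bundleName`, which is assigned above this hunk and is not visible here. If the service resolves that value from `query.tokenId` the fallback is sound; if any part of it comes from the request, it should be re-derived before this branch, and a comment such as `// bundleName is resolved from query.tokenId, never from request data` would make that explicit. On rejection the same `"Update failed: tokenId mismatch"` line is logged twice, once inside `CheckAppId` and once here, so one of the two can go. The added `ZLOGW("Invalid parameter, ...")` sits on a path that returns `E_DB_ERROR`; wording it as a missing runtime would match the return code.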
@@ -444,6 +448,20 @@ int32_t UdmfServiceImpl::UpdateData(const QueryOption &query, UnifiedData &unifi return E_OK; } +int32_t UdmfServiceImpl::CheckAppId(std::shared_ptr runtime, std::string bundleName) +{ + if (runtime->appId.empty()) { + ZLOGE("Update failed: tokenId mismatch"); + return E_INVALID_PARAMETERS; + } + std::string appId = PreProcessUtils::GetAppId(bundleName); + if (appId.empty() || appId != runtime->appId) { + ZLOGE("Update failed: tokenId mismatch"); + return E_INVALID_PARAMETERS; + } + return E_OK; +} + int32_t UdmfServiceImpl::DeleteData(const QueryOption &query, std::vector &unifiedDataSet) { ZLOGD("start"); @@ -470,15 +488,10 @@ int32_t UdmfServiceImpl::DeleteData(const QueryOption &query, std::vector runtime; std::vector deleteKeys; - for (const auto &data : dataSet) { - runtime = data.GetRuntime(); - if (runtime == nullptr) { - return E_DB_ERROR; - } - if (runtime->tokenId == query.tokenId) { - unifiedDataSet.push_back(data); - deleteKeys.push_back(UnifiedKey(runtime->key.key).GetKeyCommonPrefix()); - } + status = ValidateAndProcessRuntimeData(dataSet, runtime, unifiedDataSet, deleteKeys, query); + if (status != E_OK) { + ZLOGE("ValidateAndProcessRuntimeData failed."); + return status; } if (deleteKeys.empty()) { ZLOGE("No data to delete for this application"); 
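Review bot: All three rejection paths in `CheckAppId` log the identical text `"Update failed: tokenId mismatch"`, so a log reader cannot tell a record stored without an appId from a failed bundle-manager lookup or a genuine appId difference. Distinct messages, e.g. `ZLOGE("Update failed: record has no appId");` and `ZLOGE("Update failed: appId mismatch, bundleName:%{public}s", bundleName.c_str());`, keep the audit trail usable when an access decision has to be reconstructed. The function dereferences `runtime` without a null check and relies on the caller in `UpdateData` having done it; either check here or state that in a comment. Both parameters are taken by value; `const std::string &bundleName` and a const reference to the shared pointer avoid a string copy and a reference-count bump per call.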
@@ -492,6 +505,37 @@ int32_t UdmfServiceImpl::DeleteData(const QueryOption &query, std::vector &dataSet, + std::shared_ptr runtime, std::vector &unifiedDataSet, std::vector &deleteKeys, + const QueryOption &query) +{ + std::string appId; + bool isFirstInvoke = false; + for (const auto &data : dataSet) { + runtime = data.GetRuntime(); + if (runtime == nullptr) { + return E_DB_ERROR; + } + if (runtime->tokenId != query.tokenId) { + if (runtime->appId.empty()) { + continue; + } + if (!isFirstInvoke) { + std::string bundleName; + PreProcessUtils::GetHapBundleNameByToken(query.tokenId, bundleName); + appId = PreProcessUtils::GetAppId(bundleName); + isFirstInvoke = true; + } + if (appId.empty() || appId != runtime->appId) { + continue; + } + } + unifiedDataSet.push_back(std::move(data)); + deleteKeys.emplace_back(UnifiedKey(runtime->key.key).GetKeyCommonPrefix()); + } + return E_OK; +} + int32_t UdmfServiceImpl::GetSummary(const QueryOption &query, Summary &summary) { ZLOGD("start"); diff --git a/services/distributeddataservice/service/udmf/udmf_service_impl.h b/services/distributeddataservice/service/udmf/udmf_service_impl.h index 8f366463f115a91d92db2235973f50bd04c25a0c..8fd4232803b870c1e079b308113107531286708b 100644 --- a/services/distributeddataservice/service/udmf/udmf_service_impl.h +++ b/services/distributeddataservice/service/udmf/udmf_service_impl.h @@ -80,6 +80,9 @@ private: std::string FindIntentionMap(const Intention &queryintention); bool IsValidOptionsNonDrag(UnifiedKey &key, const std::string &intention); bool IsValidInput(const QueryOption &query, UnifiedData &unifiedData, UnifiedKey &key); + int32_t ValidateAndProcessRuntimeData(const std::vector &dataSet, std::shared_ptr runtime, + std::vector &unifiedDataSet, std::vector &deleteKeys, const QueryOption &query); + int32_t CheckAppId(std::shared_ptr runtime, std::string bundleName); class Factory { public: Factory();
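Review bot: In `ValidateAndProcessRuntimeData` the result of `PreProcessUtils::GetHapBundleNameByToken(query.tokenId, bundleName)` is discarded, so when the token cannot be resolved the code still calls `GetAppId` with an empty bundle name and the delete decision rests on the later `appId.empty()` test. Skipping the lookup explicitly, `if (!bundleName.empty()) { appId = PreProcessUtils::GetAppId(bundleName); }`, keeps the fail-closed behaviour visible and avoids a pointless bundle-manager call. `runtime` is passed by value and reassigned inside the loop, so the variable declared in `DeleteData` is never updated by this call; a local declared in the loop would express the same thing without the extra parameter. `std::move(data)` on a `const auto &` element still copies, so plain `push_back(data)` is the accurate spelling.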