diff --git a/common/appspawn_server.c b/common/appspawn_server.c
index f5f2c4671b79a5fcd7f0d32b68e0099de377c524..7d27d8ea1ae9cfc50424ebe0edc30f1e0ebc5919 100644
--- a/common/appspawn_server.c
+++ b/common/appspawn_server.c
@@ -17,12 +17,15 @@
 
 #include <stdlib.h>
 #include <errno.h>
+#include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
 #ifdef OHOS_DEBUG
 #include <time.h>
 #endif // OHOS_DEBUG
 
+#define DEFAULT_UMASK 0002
+
 static void NotifyResToParent(struct AppSpawnContent_ *content, AppSpawnClient *client, int result)
 {
     if (content->notifyResToParent != NULL) {
@@ -53,6 +56,7 @@ int DoStartApp(struct AppSpawnContent_ *content, AppSpawnClient *client, char *l
             return ret, "Failed to set app sandbox");
     }
 
+    (void)umask(DEFAULT_UMASK);
     if (content->setKeepCapabilities) {
         ret = content->setKeepCapabilities(content, client);
         APPSPAWN_CHECK(ret == 0, NotifyResToParent(content, client, ret);
diff --git a/lite/appspawn_process.c b/lite/appspawn_process.c
index bf562f732c9b91bb709ecf183e72bef671e31935..5fe02da8ba797ce241a3034659a34ddf2302691e 100644
--- a/lite/appspawn_process.c
+++ b/lite/appspawn_process.c
@@ -34,7 +34,7 @@
 #include "appspawn_service.h"
 #include "securec.h"
 
-#define DEFAULT_UMASK 022
+#define DEFAULT_UMASK 002
 #define CAP_NUM 2
 #define ENV_TITLE "LD_LIBRARY_PATH="
 #define UPPER_BOUND_GID 999