diff --git a/services/bundlemgr/include/base_bundle_installer.h b/services/bundlemgr/include/base_bundle_installer.h
index 9b3ac37d5dbea8726429f33180be376a5d04947f..27fbe17ef48c5e9b4a692e2a2fa1cdb28b363d60 100644
--- a/services/bundlemgr/include/base_bundle_installer.h
+++ b/services/bundlemgr/include/base_bundle_installer.h
@@ -683,7 +683,7 @@ private:
     void CreateScreenLockProtectionDir();
     void DeleteScreenLockProtectionDir(const std::string bundleName) const;
     bool SetEncryptionDirPolicy(InnerBundleInfo &info);
-    void DeleteEncryptionKeyId(const InnerBundleInfo &oldInfo) const;
+    void DeleteEncryptionKeyId(const InnerBundleInfo &oldInfo, bool isKeepData) const;
     void CreateScreenLockProtectionExistDirs(const InnerBundleInfo &info, const std::string &dir);
 #ifdef APP_DOMAIN_VERIFY_ENABLED
     void PrepareSkillUri(const std::vector<Skill> &skills, std::vector<AppDomainVerify::SkillUri> &skillUris) const;
diff --git a/services/bundlemgr/src/base_bundle_installer.cpp b/services/bundlemgr/src/base_bundle_installer.cpp
index a322aa2653a2dff7bda413f2cc3fb953b183e8b5..cd8f0edaab1ff4ae3b7af6af447fd35f4e80a7a6 100644
--- a/services/bundlemgr/src/base_bundle_installer.cpp
+++ b/services/bundlemgr/src/base_bundle_installer.cpp
@@ -1437,7 +1437,7 @@ ErrCode BaseBundleInstaller::ProcessBundleUninstall(
         APP_LOGW("remove group dir failed for %{public}s", oldInfo.GetBundleName().c_str());
     }
 
-    DeleteEncryptionKeyId(oldInfo);
+    DeleteEncryptionKeyId(oldInfo, installParam.isKeepData);
 
     if (oldInfo.GetInnerBundleUserInfos().size() > 1) {
         LOG_D(BMS_TAG_INSTALLER, "only delete userinfo %{public}d", userId_);
@@ -2840,13 +2840,14 @@ bool BaseBundleInstaller::SetEncryptionDirPolicy(InnerBundleInfo &info)
 void BaseBundleInstaller::CreateScreenLockProtectionExistDirs(const InnerBundleInfo &info,
     const std::string &dir)
 {
-    LOG_NOFUNC_I(BMS_TAG_INSTALLER, "CreateScreenLockProtectionExistDirs start");
     InnerBundleUserInfo newInnerBundleUserInfo;
     if (!info.GetInnerBundleUserInfo(userId_, newInnerBundleUserInfo)) {
         LOG_E(BMS_TAG_INSTALLER, "bundle(%{public}s) get user(%{public}d) failed",
             info.GetBundleName().c_str(), userId_);
         return;
     }
+    LOG_I(BMS_TAG_INSTALLER, "create el5 dir: %{public}s, uid: %{public}d",
+        dir.c_str(), newInnerBundleUserInfo.uid);
     int32_t mode = S_IRWXU;
     int32_t gid = newInnerBundleUserInfo.uid;
     if (dir.find(ServiceConstants::DATABASE) != std::string::npos) {
@@ -2893,30 +2894,26 @@ void BaseBundleInstaller::CreateScreenLockProtectionDir()
         }
         return;
     }
-    bool dirExist = false;
     for (const std::string &dir : dirs) {
-        if (InstalldClient::GetInstance()->IsExistDir(dir, dirExist) != ERR_OK) {
-            LOG_E(BMS_TAG_INSTALLER, "check if dir existed failed");
-            return;
-        }
-        if (!dirExist) {
-            LOG_D(BMS_TAG_INSTALLER, "ScreenLockProtectionDir: %{public}s need to be created", dir.c_str());
-            CreateScreenLockProtectionExistDirs(info, dir);
-        }
+        LOG_D(BMS_TAG_INSTALLER, "create el5 dir: %{public}s.", dir.c_str());
+        CreateScreenLockProtectionExistDirs(info, dir);
     }
-    if (!dirExist) {
-        if (!SetEncryptionDirPolicy(info)) {
-            LOG_E(BMS_TAG_INSTALLER, "Encryption failed dir");
-        }
+    if (!SetEncryptionDirPolicy(info)) {
+        LOG_E(BMS_TAG_INSTALLER, "Encryption failed dir");
     }
 }
 
-void BaseBundleInstaller::DeleteEncryptionKeyId(const InnerBundleInfo &oldInfo) const
+void BaseBundleInstaller::DeleteEncryptionKeyId(const InnerBundleInfo &oldInfo, bool isKeepData) const
 {
     if (oldInfo.GetBundleName().empty()) {
         LOG_W(BMS_TAG_INSTALLER, "bundleName is empty");
         return;
     }
+    if (isKeepData) {
+        LOG_I(BMS_TAG_INSTALLER, "keep el5 dir -n %{public}s", oldInfo.GetBundleName().c_str());
+        return;
+    }
+    LOG_I(BMS_TAG_INSTALLER, "delete el5 dir -n %{public}s", oldInfo.GetBundleName().c_str());
     std::vector<std::string> dirs = GenerateScreenLockProtectionDir(oldInfo.GetBundleName());
     for (const std::string &dir : dirs) {
         if (InstalldClient::GetInstance()->RemoveDir(dir) != ERR_OK) {
diff --git a/services/bundlemgr/src/installd/installd_operator.cpp b/services/bundlemgr/src/installd/installd_operator.cpp
index 365fbd371f1d4048b2e5132321cf9aa063d43b7c..caaefa66c102502971baa975084add82d86d6a10 100644
--- a/services/bundlemgr/src/installd/installd_operator.cpp
+++ b/services/bundlemgr/src/installd/installd_operator.cpp
@@ -45,6 +45,7 @@
 #include "bundle_service_constants.h"
 #include "bundle_util.h"
 #include "directory_ex.h"
+#include "el5_filekey_manager_error.h"
 #include "el5_filekey_manager_kit.h"
 #include "parameters.h"
 #include "securec.h"
@@ -2134,6 +2135,10 @@ bool InstalldOperator::GenerateKeyIdAndSetPolicy(int32_t uid, const std::string
         uid, bundleName.c_str(), userId);
     auto ret = Security::AccessToken::El5FilekeyManagerKit::GenerateAppKey(
         static_cast<uint32_t>(uid), bundleName, keyId);
+    if (ret == Security::AccessToken::EFM_ERR_KEYID_EXISTED) {
+        LOG_I(BMS_TAG_INSTALLD, "key id is existed");
+        return true;
+    }
     if (ret != 0) {
         LOG_E(BMS_TAG_INSTALLD, "Call GenerateAppKey failed ret = %{public}d", ret);
         return false;