Provided are a method and apparatus for managing an access privilege of an application in a Connected Limited Device Configuration (CLDC) and Open Service Gateway initiative (OSGi) environment. The method includes: marking a privileged code in the application; executing the privileged code in a secured thread having a unique thread identifier; identifying the privilege code by mapping the unique thread identifier with an application identifier from a mapping table; checking a permission policy file to determine what kind of resource access privilege the identified privileged code has; and permitting the application to access the resources according to the determination results. Accordingly, when an application tries to access resources in a framework, an access privilege of the application can be managed so that no applications can maliciously access the resources by identifying the application by using the mapping table and checking the security policy file of the identified application.