I'm writing an app for the macOS App Store in C++/QT with now some mixed in Objective C, and I'm currently trying to add the following functionality : Create an album in the Apple Photos app, then add some videos to it given their id (videos that are already in the library, not importing videos). For this, I've written the hybrid C++/Objective C function: char *Obj_C::obj_C_addMediaToAlbum(char *albumName, char *mediaId) { NSString *objAlbumName = [NSString stringWithUTF8String: albumName]; NSString *mediaIdS = [NSString stringWithUTF8String: mediaId]; NSString *source = [NSString stringWithFormat:@"tell application \"Photos\"\n" @" set selMedia to (get media items whose id contains \"%@\")\n" @" if not (album \"Trash from %@\" exists) then\n" @" make new album named \"Trash from %@\"\n" @" end if\n" @" add selMedia to album \"Trash from %@\"\n" @"end tell", mediaIdS, objAlbumName, objAlbumName, objAlbumName]; NSDictionary *errorDictionary; NSAppleScript *script = [[NSAppleScript alloc] initWithSource:source]; NSAppleEventDescriptor *resultDesc = [script executeAndReturnError:&errorDictionary]; NSString *returnString = @OBJ_C_SUCCESS_STRING; if ( resultDesc ) { // was successful return (char *)[returnString UTF8String]; } else{ returnString = [NSString stringWithFormat:@"%@", errorDictionary]; return (char *)[returnString UTF8String]; } } I've added the following elements to my entitlements file, after looking at the Photos.sdef file which describes the scripting targets available for the Photos app: <plist version="1.0"> <dict> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.automation.apple-events</key> <true/> <key>com.apple.security.scripting-targets</key> <dict> <key>com.apple.Photos</key> <array> <string>com.apple.Photos.library.read-write</string> <string>com.apple.Photos.spotlight</string> </array> </dict> </dict> </plist> And the following to my .plist file as I read somewhere it's necessary: <key>NSAppleEventsUsageDescription</key> <string>The app uses events to control Apple Photos, to help you identify duplicates within you library.</string> When I run this outside the sandbox, it runs fine. However, if I attempt inside the sandbox, I get the error AppleEvents/sandbox: Returning errAEPrivilegeError/-10004 and denying dispatch of event core/getd from process '<private>'/0x0-0x130f30e, pid=63826, because it is not entitled to send an AppleEvent to this process. when looking in the console and the output from my function is : { NSAppleScriptErrorAppName = Photos; NSAppleScriptErrorBriefMessage = "A privilege violation occurred."; NSAppleScriptErrorMessage = "Photos got an error: A privilege violation occurred."; NSAppleScriptErrorNumber = "-10004"; NSAppleScriptErrorRange = "NSRange: {51, 68}"; } I also get the same error if instead of the whole complex AppScript command, I only give the command : "tell application \"Photos\" to make new album named \"Test album\", so it doesn't seem to come from one element of the script itself. **I don't understand: what am I missing to make it work correctly ? ** NB: If instead I use com.apple.security.temporary-exception.apple-events with my entitlements file being : <plist version="1.0"> <dict> <key>com.apple.security.app-sandbox</key> <true/> <key>com.apple.security.automation.apple-events</key> <true/> <key>com.apple.security.temporary-exception.apple-events</key> <array> <string>com.apple.Photos</string> </array> </dict> </plist> It then works, but it doesn't seem the safe way to do it nor the approved way to do it from my understanding of the temporary exception being intended to be replaced by the scripting targets when available, and they are available for the Photos app...