Skip to main content
Solved

Any way to tell what Apple ID an app was installed under?

  • November 2, 2017
  • 13 replies
  • 39 views
N
Forum|alt.badge.img+5

I have an interesting situation where a student has purchased a piece of software under his personal apple id, and is reselling it to other students by signing in as himself, installing it, then signing out.

I found this out by attempting to update the app in the app store and found that it prompted for another user's ID password.

My question is - is there any automated way to check what ID was used to install an app? I have a smart group created with all the students who have it installed, but some may have installed it under their own ID.

Best answer by easyedc

Doing some playing with defaults, which doesn't produce as pretty a result as PlistBuddy, I got this going fairly easily with the following: 

/usr/bin/defaults read ~/Library/Preferences/com.apple.commerce.plist KnownAccounts | grep identifier | awk '{print $NF}'

which produces all the signed in accounts but does leave some extra characters, but you can work around that.

"email1@me.com";
"email2@gmail.com";

You'd need to clean it up some to fit your situation, probably would look something like this

#!/bin/bash
USR=$(defaults read /Library/Preferences/com.apple.loginwindow.plist lastUserName)
store=$(/usr/bin/defaults read  /Users/$USR/Library/Preferences/com.apple.commerce.plist KnownAccounts | grep identifier | awk '{print $NF}')
    echo "<result>$store</result>"
exit 0

I didn't test this, but just sort of cobbled together based off what I think would work. Try. Test. Modify.

    13 replies

    easyedc
    Forum|alt.badge.img+16
    • easyedc
    • Esteemed Contributor
    • November 2, 2017

    I have an EA that checks for all what Apple IDs are/have signed into that App Store. You could run that and search for any computer that has his installed and verify against it's assigned owner or if it's got a 2nd AppleID signed in.

    #!/bin/bash

USR=`defaults read /Library/Preferences/com.apple.loginwindow.plist lastUserName`

AppID=`/Users/$USR/Library/Preferences/com.apple.commerce.plist`

store=`/usr/libexec/PlistBuddy -c "print KnownAccounts:0:identifier" /Users/$USR/Library/Preferences/com.apple.commerce.plist`

    echo "<result>$store</result>"

exit 0

    Just my 2¢

      N
      Forum|alt.badge.img+5
      • nadams
      • Author
      • Contributor
      • November 2, 2017

      @easyedc That gets me closer, but doesn't link the specific app to the username. It is good to know that we can at least narrow the list down a bit. Thank you!

      easyedc
      Forum|alt.badge.img+16
      • easyedc
      • Esteemed Contributor
      • November 2, 2017

      @nadams Digging through some stuff, @magervalp has some posts related about what you can actually gleam from the MAS receipt. You may be able to dig through receipts and find it? https://magervalp.github.io/2013/03/19/poking-around-in-masreceipts.html

      N
      Forum|alt.badge.img+5
      • nadams
      • Author
      • Contributor
      • November 2, 2017

      @easyedc Thanks for that bit of info... I think we're going to take a step back and just identify the machines his ID has been used on, and then look at them individually.

      I could use a bit of help with your script though, as I was trying to run it manually and it didn't seem to work. Can you explain what you mean by "an EA"? Am I just meant to take your text and run it as a script and it'll work? I'm also wondering what "/usr/libexec/PlistBuddy" is referencing.

      Thanks for any help you can provide.

      S
      Forum|alt.badge.img+8
      • StoneMagnet
      • Contributor
      • November 2, 2017

      @nadams An EA is an Extension Attribute, and EAs allow you to add fields to the inventory data for your computers. One of the ways to collect the data for an EA is a script that will run each time the computer checks in with the JSS. You define EAs in the Computer Management - Management Framework settings on your JSS console.

        easyedc
        Forum|alt.badge.img+16
        • easyedc
        • Esteemed Contributor
        • November 2, 2017

        @nadams 

        /usr/libexec/PlistBuddy

        is the binary executable that can interact with .plist files in terminal. so what my script does is read the contents of the .plist stored at 

        ~/Library/Preferences/com.apple.commerce.plist

        and makes it something that can be used via script.

          N
          Forum|alt.badge.img+5
          • nadams
          • Author
          • Contributor
          • November 3, 2017

          @easyedc Is PlistBuddy something that I have to distribute out to all the Macs ahead of time? Nevermind... I see that it's included in the OS.

            N
            Forum|alt.badge.img+5
            • nadams
            • Author
            • Contributor
            • November 3, 2017

            @easyedc Sorry to keep bothering you about this. I have everything set up, and started receiving my first inventory results. What I'm finding is that only the first account listed in the PLIST file is being reported. Any subsequent accounts are not shown in the inventory view. Any thoughts?

            easyedc
            Forum|alt.badge.img+16
            • easyedc
            • Esteemed Contributor
            • Answer
            • November 3, 2017

            Doing some playing with defaults, which doesn't produce as pretty a result as PlistBuddy, I got this going fairly easily with the following: 

            /usr/bin/defaults read ~/Library/Preferences/com.apple.commerce.plist KnownAccounts | grep identifier | awk '{print $NF}'

            which produces all the signed in accounts but does leave some extra characters, but you can work around that.

            "email1@me.com";
"email2@gmail.com";

            You'd need to clean it up some to fit your situation, probably would look something like this

            #!/bin/bash
USR=$(defaults read /Library/Preferences/com.apple.loginwindow.plist lastUserName)
store=$(/usr/bin/defaults read  /Users/$USR/Library/Preferences/com.apple.commerce.plist KnownAccounts | grep identifier | awk '{print $NF}')
    echo "<result>$store</result>"
exit 0

            I didn't test this, but just sort of cobbled together based off what I think would work. Try. Test. Modify.

              easyedc
              Forum|alt.badge.img+16
              • easyedc
              • Esteemed Contributor
              • November 3, 2017

              and actually... you sent me down a path. try this

              defaults read ~/Library/Preferences/com.apple.commerce.plist KnownAccounts | grep identifier | awk '{print $NF}' | sed 's/"//g ; s/;//g'

              and clean it up to work for the EA.

                N
                Forum|alt.badge.img+5
                • nadams
                • Author
                • Contributor
                • November 3, 2017
                #!/bin/bash USR=$(defaults read /Library/Preferences/com.apple.loginwindow.plist lastUserName) store=$(/usr/bin/defaults read /Users/$USR/Library/Preferences/com.apple.commerce.plist KnownAccounts | grep identifier | awk '{print $NF}') echo "<result>$store</result>" exit 0

                @easyedc Thank you so much for your help. This actually worked perfectly to return the accounts. I'm not really concerned that they're separated by a semicolon as well as in quotes for the purposes of this discovery... I might work to clean it up using the other information you posted, but I was under a lot of pressure to get this working immediately.

                I will freely admit that I know very little about scripting or really Unix commands in general... grep/awk/sed are basically a foreign language that I need to start learning.

                Thank you again!

                easyedc
                Forum|alt.badge.img+16
                • easyedc
                • Esteemed Contributor
                • November 3, 2017

                FWIW I went ahead and cleaned it up for my own uses. Here's what I have

                #!/bin/bash
USR=$(defaults read /Library/Preferences/com.apple.loginwindow.plist lastUserName)
store=$(/usr/bin/defaults read  /Users/$USR/Library/Preferences/com.apple.commerce.plist KnownAccounts | grep identifier | awk '{print $NF}' | sed 's/"//g ; s/;//g')
echo "<result>$store</result>"
exit 0
                J
                Forum|alt.badge.img+17
                • joshuasee
                • Valued Contributor
                • November 7, 2017

                And now let me throw my hat in the ring:

                #!/bin/bash

lastusr=$(/usr/bin/defaults read /Library/Preferences/com.apple.loginwindow.plist lastUserName);
store=$(/usr/libexec/PlistBuddy -c "Print PrimaryAccount:0:1:identifier" /Users/${lastusr}/Library/Preferences/com.apple.commerce.plist);

echo "<result>${store}</result>"

exit 0

                I came up with this variant since reading KnownAccounts instead of PrimaryAccount seemed to get it wrong if a given user had logged in and out of the MAS. Is there a case I'm not thinking of where reading PrimaryAccount wouldn't work?

                <pedant mode>Also, I would point out that user home folders aren't always in /Users/ , and EAs should account for this.</pedant mode>

                Terms & ConditionsCookie settingsAccessibility statement