Fix the leaking tap: A survey of Trigger-Action Programming (TAP) security issues, detection techniques and solutions

The Internet of Things (IoT) connects all emerging devices and services while creating interactions between people and things. Allowing users to match devices and services by causal relationship, Trigger-Action Programming (TAP) is a common user-programming paradigm in IoT smart home platforms. Thus, the security issues of TAP need to be addressed to ensure the privacy and security of data and human safety. This paper summarizes the existing literature on 1) security issues caused by different types of logical errors found in TAP rules and the vulnerabilities on well-known TAP platforms, and 2) the corresponding detection techniques and solutions that are classified based on different types of approaches adopted (e.g., Model Checking and Natural Language Processing). Finally, we summarized the datasets from literature or publicly available on the Internet in a separate section for potential reference of future TAP security research.