Listing the ingredients for IFTTT recipes.

The Internet of Things (IoT) is increasingly connecting the most intimate parts of our daily lives to the Internet via connected ecosystems of hardware and software products. However, how these ecosystems operate and, in particular their impact on user privacy remains an open question. In this paper, we explore this question by analysing IFTTT, a popular task automation platform based on trigger-action programming. Through IFTTT, end users can easily create applets, aka recipes, that glue different IoT devices and online services together. While IFTTT brings many online services together, such as social media and mobile applications, its use for IoT automation is appealing for many users. Hence, analyzing the IFTTT ecosystem over time, enables us to study IoT trends and adaptation rate in realuser settings. In this paper we describe the IFTTT evolution by analyzing two existing IFTTT data sets and compiling a recent data set of its services and applets. This analysis exposes new platform characteristics and trends. Our data set, which was collected in October 2021, contains data about 694 services, 50 898 applets, and 7 003 endpoints. It also contains data about the information exchange in the platform via ingredients. In addition, we identify applets that might impose privacy risks for their users by detecting sensitive information flows in the system. We find that almost 30% of installations in the platform involve applets that utilize privacy-sensitive information such as users' personal information, location, and health data. This trend is consistently present in the three analyzed data sets and, disturbingly, increases over time.