Trigger-Action Platforms (TAPs) such as Home Assistant, IFTTT, or Zapier integrate various services and devices into small “If Trigger Then Action” automations, also called applets. These applets often handle private messages, location data and otherwise sensitive data records. In addition, applets are often created by third parties without clear visibility as to which services control what data. State-of-the-art mobile operating systems (e.g. Android, iOS, GrapheneOS) face a similar problem with apps. They tackle the issue by disallowing access to any resources by default and asking for permissions just in time. For example, when a maps application first requests location access, the OS interrupts the app and asks the user to grant permission. In contrast, trigger-action applets may be triggered at any time, not necessarily while the user is actively using a device. This complicates permission requests and might make just-in-time permissions impractical in certain scenarios. Accommodating TAP users’ privacy needs without breaking automations requires a novel approach. We propose privTAP, a personalized and semi-automated privacy assistant for TAPs. The assistant requires explicit user consent for each resource requested on a per-applet basis. PrivTAP also lets its users choose a privacy profile corresponding to their general privacy needs. These profiles are used to make tailored suggestions for privacy decisions with the aim of making the user interaction seamless.
Janek Stoppkotte is set to begin his PhD at Chalmers' CSE department later this year under the supervision of Professor David Sands. His research interests range from language-based security and verification to trigger-action platforms.