User Perception of Risks Associated with IFTTT Applets: A Preliminary User Study

Trigger-Action Platforms (TAPs) enable users to define rules that trigger device operations automatically. However, the execution of these rules can potentially create security risks for users. This paper presents a user study conducted to assess the validity of a classification model, which used Natural Language Processing (NLP) techniques to automatically classify Event-Condition-Action (ECA) rules according to security and privacy risks in TAPs, e.g., IFTTT. The study asked each user to evaluate 50 different IFTTT rules, named applets, classified as risky by the proposed model and provide answers to two specific questions designed to assess risk perception. The results confirmed that the proposed classification model offers an assessment of the risk associated with a rule in line with user opinion. Furthermore, highlighting the presence of security or privacy-related risk positively impacted users' willingness to avoid using risky applets.