With the ever-increasing user base of IFTTT as of late, questions of whether the service is safe to use have been cropping up a lot.
With some smart home integrations requiring IFTTT to work properly, this can be a major cause of concern.
Having been a long-term user of IFTTT and other no-code macro task services, I figured I would end the query by writing this one-stop article on whether IFTTT is safe.
IFTTT is a safe application to use as it is bound by the data protection laws of the regions to which it provides its services. But like any internet-reliant service, there are privacy and security loopholes that could be exploited in external attacks.
What Is IFTTT?
IFTTT, or If This Then That, is an application that lets you program certain functions on your smartphone or tablet, depending on certain conditions that you preset.
Simply put, it follows two strict paths to fulfill conditions, as its abbreviated name suggests:
- If This, commonly termed the trigger.
- Then That, commonly termed the action.
A trigger can be user-programmed to any event, such as you entering your home or office.
The action is the user-programmed result of what happens when the trigger activates, such as your smart lights turning on.
When combined together, IFTTT lets you auto-program your smart lights to turn on when you enter your home or office.
This combination of action and trigger is what IFTTT natively calls an applet, and these applets are completely customizable based on your liking.
The best part is that you don't need to write any code or script for all this, as the app is laid out in a very macro and user-friendly manner.
The benefit of using IFTTT over other similar services is that IFTTT allows you to custom program tasks directly from inside a supported app too.
This means that IFTTT can act as an intermediary and provide you with smart integration capabilities between two apps or services without any official integration.
A great example of where such an implementation helps is the integration of the Blink app with Samsung's SmartThings.
There are more than 700 apps and services that currently support IFTTT.
Since IFTTT is an intermediary service, almost all of those apps are compatible with the rest of the ensemble, on top of its basic trigger and action functionality.
All in all, this makes IFTTT one of the most powerful applications you can have on your smartphone or tablet if you have compatible devices or services.
Privacy Concerns for IFTTT
With great power comes great responsibility, and this has triggered a major concern for privacy amongst users, with some even abandoning the service altogether.
A sigh of relief is that IFTTT is not owned by some shady company or individual, and is legally obligated to protect the data that it collects.
But there still lie a few factors that act as obstacles for users before they make their jump to IFTTT.
Data Tracked by IFTTT
Here are the key permissions that IFTTT asks you for in order to run their applets optimally on your smartphone or tablet:
| Permission | Purpose |
|---|---|
| Location | To access location data |
| Camera | To access the device camera and photos |
| Contacts | To access contact details |
| Phone (Android only) | To access call logs |
| Storage (Android only) | To access the photo library |
| SMS (Android only) | To read and send SMS |
IFTTT is a service that essentially controls the functions of your smart devices with full authority.
With such a responsibility, you are very much required to provide a lot of information and basic admin rights to the application to perform its job optimally.
The added integration benefits with third-party services also mean you will have to share even more data with the service.
So trust plays a key component in such an information-dense playground.
IFTTT explicitly states that the data for the permissions enabled will be utilized only when you specifically enable the permission for it.
Of course, thanks to the later versions of Android and iOS, you can choose which permissions to enable and disable based on your preferences.
But if you wish to run an applet that utilizes the location of your device, you will have to enable permission for it without many workarounds.
Metadata Tracked by IFTTT
IFTTT, like any internet-based service, does track user metadata from the device you use IFTTT on, as well as the third-party apps it is linked to:
- Full name of the user.
- Mailing address.
- Email address.
- Telephone and mobile number.
- Credit or Debit card transaction details (not the cards, just the transaction information).
- IP address and device identifiers.
- Web browser information and browsing history.
- Device user content and usage information.
- Page statistics, cookies, and tracker information.
- Log data.
This information is stored on their servers, and IFTTT claims that it uses the data to provide better software updates and user experience.
Although there are a lot of loopholes in such statements, it is to be noted that IFTTT claims it has taken notes from the European GDPR for a more privacy-enabled experience.
The European GDPR (General Data Protection Regulation) is one of the best, if not the best, privacy and data protection laws in the world.
It imposes strict obligations on organizations that target the user base of the EU region.
But nowhere does IFTTT explicitly state that its servers are based in the EU region, therefore those privacy laws are probably only applicable to IFTTT users in the EU.
That being said, they are still legally bound by the data protection laws of the countries to which they provide their services.
In fact, this legal obligation can be a double-edged sword in some cases too, as some countries can ask IFTTT to share the data with the government.
You can check out the privacy and security policy of IFTTT here.
Security Concerns for IFTTT
Privacy and security, despite many claiming they are synonymous with each other, are two different things.
Sure, they are interconnected and go hand in hand in a lot of scenarios, but they couldn't be any more different.
Privacy refers to the user's control over their personal data. This personal information can be anything that is classified as a factor that determines your identity.
If a service steals this personal information without your consent, then that service is a threat to your privacy.
Security is more like the shield that is used to protect that user data, such as encryption standards and secure transaction environments.
Data Encryption Standards
Speaking of data encryption standards, it is a vital component that needs to be addressed when it comes to the security of your user data.
IFTTT claims that all the user data stored on their servers is encrypted using SSL.
Secure Sockets Layer (SSL) is a widely used encryption protocol for protecting user data, which binds the user data to the public and private keys.
Anyone without access to the key will only see a garbled mix of random characters, thus enhancing the security of the user data.
But IFTTT doesn't state anywhere what level of encryption they use to protect the user data.
Also, the encryption does not happen locally or on the user's end, so there is a chance for unencrypted data to leak in case of a hacking attack.
But local encryption is not always feasible, as it takes a toll on system resources.
This can be a huge deal breaker for a lot of folks, but in the end, it doesn't affect the total structural integrity of the security protocols in place.
IFTTT Source Code
A huge cause of concern for a lot of privacy-focused folks is that IFTTT is a closed-source application, meaning its source code is not available for public viewing.
This means that the company can add malicious code to the application, and the users will never know they are being targeted.
But the key thing to note here is that just because the source code is closed doesn't mean that the app is malicious.
Opening the code for public viewing can be a detriment to their business, as anyone could copy the app and claim rights to it.
This also ensures that the company can enhance the security of the application severalfold, compared to its open-source alternatives.
Also, let's not forget the fact that they are legally bound to user data protection laws, so it could result in the demise of the brand if such a malicious act were to happen.
How to Protect Your Data on IFTTT
Now that you know the gist of how IFTTT values the privacy and security of the users and their data, let's move on to how you can protect your data from a hacking attack.
These are just minor steps that we can take from our end in order to add to the robustness of the security and privacy measures in place.
Set Up Two Factor Authentication
2FA, or Two Factor Authentication, adds an extra layer of security to your IFTTT account by requiring you to enter a verification code along with the password during login.
This code is temporary and will be delivered by SMS or through an authenticator app of your choice.
IFTTT does recommend you use an authenticator app if you are in the US, as many US cellular carriers are not supported.
It is best to stick to the authenticator app even if you are outside the US because SMS, though convenient, is very insecure.
In order to set up 2FA for your IFTTT account, follow the steps below:
- Log in to your IFTTT account. It is best to use the app's web version on a computer.
- Click on your profile icon and navigate to the Account settings.
- Click on Enable Two-step verification.
- Confirm your password on the resultant page.
- Choose your verification method as per your preference.
- IFTTT will provide you with a backup code, in case you cannot log in with your verification credentials. Make sure to note it down in a safe place.
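Why the authenticator-app code is temporary and never has to travel over the phone network, shown as an added example that is not IFTTT's code: it assumes the authenticator app implements standard TOTP (RFC 6238), and the secret used is the RFC's published test key, not an IFTTT value.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed sample secret: the published RFC 6238 test key, base32-encoded
# the way an enrollment QR code would carry it. Not an IFTTT value.
SAMPLE_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, at=None, step=30, digits=6):
    """Return the RFC 6238 code (HMAC-SHA1) valid at Unix time `at`."""
    at = time.time() if at is None else at
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(at) // step)    # number of the 30 s window
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, at=None, step=30, drift=1, digits=6):
    """Server-side check: accept the current window plus `drift` windows on
    either side (clock skew), comparing every candidate in constant time."""
    at = time.time() if at is None else at
    ok = False
    for w in range(-drift, drift + 1):
        candidate = totp(secret_b32, at + w * step, step, digits)
        ok |= hmac.compare_digest(candidate.encode(), submitted.encode())
    return ok


if __name__ == "__main__":
    now = 1111111109                      # fixed timestamp from the RFC vectors
    code = totp(SAMPLE_SECRET_B32, now)   # computed on the phone, offline
    print(code, verify(SAMPLE_SECRET_B32, code, now))
    # The same code two minutes later falls outside the accepted windows.
    print(verify(SAMPLE_SECRET_B32, code, now + 120))
```

Both sides derive the code from the enrolled secret and the clock, so nothing is sent to the phone at login; this is the property SMS delivery lacks.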
Change Passwords Regularly
Changing your passwords regularly can make it harder for hackers to gain access to your accounts.
Even during a rare case of a data leak, you can ensure that your password is still private to you and nobody can access your IFTTT account and details.
I hope my article on whether IFTTT is a safe service to use has been a helpful read and has aided you with the same.
Have a good day!
Frequently Asked Questions (FAQ)
Is IFTTT free to use?
IFTTT has a free plan that lets you create 5 applets per account. But if you want to run more applets with more features at better speeds, you will have to subscribe to their IFTTT Pro or Pro+ plans.
How to get my IFTTT 2FA backup code if I lost it?
Unfortunately, if you have lost the backup code to your 2-factor authentication, and if the authentication doesn't work, there is no way to retrieve the backup code.
IFTTT does not store the backup code anywhere, and you will lose access to that particular account forever. You can push a request to IFTTT to delete the account in order to create a new one later.