IFTTT is a platform that allows users to create applets for connecting smart devices to online services, or to compose online services, in order to provide customized functionalities in Internet of Things scenarios. Despite their flexibility and ease-of-use, IFTTT applets may create privacy risks for users, who might unknowingly share sensitive information with a wider audience than intended. In this paper, we focus on privacy issues related to the sharing of pictures through IFTTT applets. We propose a framework to detect when IFTTT applets violate user’s privacy, both at design-time and run-time, based on the visibility and sensitivity of shared data. We have realized two prototypes implementing the framework, a browser plugin to detect design-time privacy violations and an online service to detect run-time privacy violations. We evaluate the online service using an IFTTT applet for posting to Twitter new pictures uploaded in Google Drive.