The permission system in the SmartThings platform governs how apps access devices. The system was designed to protect devices from third-party apps, by forcing apps to access devices through their capabilities. Design flaws in the system result in apps being over-privileged with unauthorized capabilities. This vulnerability represents serious security challenges to this platform and its users. ChYP is an automated tool that can identify common patterns for the over-privilege vulnerability in SmartThings apps.