Re: What's the true cost ?
I'm not convinced the expense and security is worth it. If you can open the door, or turn on things, it's only a short hack, or an off-by-one error in a customer database somewhere, away from that happening without your will/knowledge.
You're burgled. You tell them the door is under cloud control. There's no other obvious sign of forced entry. (shrug) Uninsured. You have no idea what actually happened or didn't.
And this stuff is going out to the cloud, or your phone wouldn't be working it. And likely even when you're only on local wifi. There was nothing wrong with a local X10 setup but now everything is configured or proxied via cloud-based apps. It just doesn't seem right. The surface area of attack just rose enormously because you have some crappy lightbulb on your 2.4GHz wifi, with all the keys etc. plugged in, and talking home to some random Chinese server to interface with Google Home or whatever.
And though lights and things are fairly harmless, when you start putting heating and other stuff on, you get to the point where things can be extremely expensive and/or dangerous if people can switch them on and off.
I'm a tech guy. If I want a light to go on and off, I'll fit a timer or a PIR that detects movement. If I want the heating to compensate for the patio door, there are literal thermostats that will detect such situations and alert you (even over text if you want). At no point do I need to involve my wifi network, Apple or Google to do such things.
I'm not one of those paranoid "I won't use Chrome" people - I have to trust that Google treat my data in accordance with DPA, GDPR, etc. and anyone who can override that is breaking the law and/or is the law themselves. But the chain of dependency, and the unnecessary third-parties, I just find dodgy.
Then you start adding in cameras, and before you know it, any one of several thousand employees at Google/Apple not only can see your front door and when you left for work, but they know where you hid the key, or have a button to open the door (or even the rear patio), and a mate who lives down the road who's short of money.
Hell, I'm suspicious of airport parking - those people have my name, address, and know exactly when I'll be on holiday and when I'll return. I find that disconcerting. It's not that I don't trust Stansted, but that I have to trust *every* employee in the chain with access to that information, who may never get traced even if they discover they have a major breach of confidentiality on their hands.
Now the guy at Stansted would have to go look at my house and figure out a way in and wouldn't know if I had an alarm, a neighbour staying there, or remote cameras or whatever, so they probably wouldn't take the risk and are no better off than any burglar. But the guy who's got a slog-job at Google or some contractor, has access to all that information and devices and is required to sit at a desk all day doing some boring analysis/customer support work and decides to go rogue? Him I worry about. And his mates.
This stuff is fun and gimmicky. There are uses (don't doubt it - when I get old and infirm, I ain't getting up from the sofa to switch on the light! I've actually argued that all homes should have central-computer-controlled lights, heating, etc. rather than switches and cables pulled through every part of the wall). But the cloud-interjection and run of your local network is unnecessary.
I'm actually more tempted to buy a bunch of dumb remote switches and sensors (433MHz or whatever) and a control module for a Pi and do the logic myself (even have voice control with certain built-for-home-automation distros).