IoT devices are surveillance devices, and manufacturers generally use them to collect data on their customers. Surveillance is still the business model of the Internet, and this data is used against the customers' interests: either by the device manufacturer or by some third-party the manufacturer sells the data to. Of course, this data can be used by the police as well; the purpose depends on the country.
None of this is new, and much of it was discussed in my book Data and Goliath. What is common for Internet companies is to publish "transparency reports" that give at least general information about how police are using that data. IoT companies don't publish those reports.
TechChrunch asked a bunch of companies about this, and basically found that no one is talking.