There's definitely a concern associated with third party applications gaining access to information and using it in ways that individuals aren't aware of. We see that throughout the app ecosystem.
A variety of things could be done. I would identify one of the lower-stake things, which is to ensure that when legitimate, white hat security researchers—groups such as us at the Citizen Lab—look at these sorts of applications, we aren't put in legal liability or jeopardy by looking at them. We have been in the situation previously where we faced litigious organizations on the basis of our security work. We are not trying to break things in order to ruin the Internet; we're trying to do it to keep everyone safe. We're a comparatively well-funded, well-situated organization.
When individuals who engage in this research, and I speak from personal experience, get sued or threatened to be sued once, it's not that security researchers stop doing the work. They keep doing it, but they don't report it. They're not doing it because they want to hack; they do it because that's what gets them going. This is their intellectual curiosity. We need to find a way of helping those people help us, as opposed to making them hide in the shadows for fear of legal liability.