Learn from HTTPS
Google have decided that unencrypted connections are bad; they should be doing the same for apps. Any app that requires additional access should have to justify it before an update is allowed on the store. Doesn't stop lazy programmers that want full access on first install (HSBC!), but would be a start.