Is this news any more? People purchasing technology/devices have a budget, they'll buy what they can afford. They'll also configure it/secure it/expect it to perform in line with their knowledge of the market/devices abilities.
How to move forward? Does it require government intervention to specify a level of software design? If so then people will just buy else where because it'll be cheaper and have a 'tested secure' forged badge on it. Is more education/training needed at school level for users to understand about privacy and control? That in turn would lead to more questions/considerations when making a purchase.
My opinion is that the recent development of technology and its relative cost (cheapening by the day making it more accessible) will plateau out and other considerations (design/function/security) will become more prevalent.
The world is changing, people who exploit are the ones who ensure they keep up with technology. Everyone else gets caught up in the next best thing which isn't, as most of us know, actually that great. I estimate a few years for this type of vulnerability to reduce, by then something else will have come along