Of course what we really need for IoT devices is for them not to need to talk to the mothership at Google, Amazon, Apple, or their chinese equivalents.
I bought an IoT power switch recently that would only work when used through the prescribed app. That app sent my requests of to a server in china which was also connected to the device. Coincidentally the app also insisted on knowing my GPS coordinates from the phone. This means that there exists, somewhere in the chinese part of the cloud, a database of devices and exactly where they are located in the world and the means to turn them off and on. Very scary. I wanted to name my switch 'nuclear reactor purge' but my wife wouldn't let me!
The problem is that most people don't have any sort of infrastructure at home that could happily manage this sort of thing in a well protected way (register readers excepted!). The easy answer for lazy manufacturers to get a product to market is to run a central server somewhere to manage things for everyone. It also allows them to think of ways to monetise all their connected customers sometime in the future.
The proper answer is for someone to build a suitably simple piece of hardware kit that everyone can have in their home that can manage their own devices without recourse to servers in some undefined part of the world. It would have to be based on open standards so there would be multiple compatible implementations from different vendors using different chipsets. Builders of IoT would need to support the same standards.
Wishful thinking I know. Standardised protocols are only the beginning of a very long path to enlightened happiness.