Will web have to wait till .1 or so version for bugs to be worked out.
Seriously, they need to give users a fine grained application gate on everything. Applications able to see anything including their own use is a willful violation of privacy and security that should be punishable under law by criminal conviction. As a compromise (putting aside the inevitable class action by millions of people that can bankrupt companies) all such anti security spyware reporting activity should anomynously go through google api's so only google knows the source being restricted to non descriptive data. Applications should never be able to see what other applications are doing over such api's, or the app list, except communications to themselves, but failing that they should not be able to see other applications through the api's unless there are 1000 other users using at the moment and never where it is used (for anonymity, you might be the only one on the city). And all such reporting be done on a non unique ID basis, nor session, to stop them working out who it is, like they can on the web at the moment. A number of these things have been suggested already.