It seems to me that organisations such as Google and Apple need to make their software application testing far more stringent with more emphasis on securing their customers personal data.

Security controls on apps should be tied down by default, asking for our permission to access personal data not the other way around!