“We asked them if they could find a way on their own to prevent apps from having access to private info,” Mr. Schumer said. “They were friendly and open to the idea that this ought to be changed.”
Leaving aside the question of whether or not the United States Senate should be investigating things like this, I have to wonder why this issue escaped both Google and Apple for so long.
This is how it should have worked from the beginning: does your user have data that they themselves created (this includes contacts, notes, browser and search history, photos, etc.) and that your operating system provides an API for accessing? Make the user aware and able to intervene when that API is used. Fin.