That is the hope. But who to trust? Not to mention, some apps already have the permissions for their legitimate use cases, so why not just pick one of those? It may not even require a client update, just requisition of the data from the company. The underlying idea is that smartphones are safer, but they are still software, and your trust points are spread very thin over literally hundreds of people and companies. All of this, blasting across the internet and into dozens of other peoples servers daily. It's hard to consider it secure.