Polonetsky, of the Future of Privacy Forum, which helps developers establish privacy practices, suggested that irresponsible privacy practices threaten innovation as much as clumsy regulation does. "The data that's there has been what's allowed [developers] to do really cool things," he said. "But if data is your fuel, you better treasure it, or you might lose access to it in the future."
Sebastian Holst, a mobile apps developer and the chief marketing officer at PreEmptive Solutions, put it this way: "Absolutely collecting personal data is a means to fuel business. Labor is great fuel for business, too, but does that mean child labor is okay?" Regulation of mobile privacy is just as necessary as child labor laws, he said.
Both Holst and the California attorney general characterized the belief that users must choose between protecting their privacy and accessing innovation as "a false choice."
Most privacy experts agreed that when asked, users will usually agree to share their private information with apps when the apps offer them value in return. But asking is essential, as the mobile social network Path -- which markets itself as a more private social network than Facebook -- discovered earlier this month when bloggers and users flogged the company for grabbing and storing users' contact lists.
"It's been good practice for apps to prompt the user," explained researcher Soltani. "It's like having privacy manners."
He gave the analogy of grabbing a soda out of the fridge at someone else's house. Doing so without asking would provoke irritation, but when asked, "Most people would say yes."
The Path brouhaha showed another level of social ineptitude as well. When they learned what Path was doing with the data, coders and privacy experts alike wondered why the app maker hadn't bothered even to encrypt the information. Polonetsky called it "clueless behavior."
But because users rarely read privacy policies, experts, including Justin Brookman of the Center for Democracy and Technology, suggest that getting meaningful consent from users to share their data will require a more interactive form of notification -- a matter that poses significant logistical challenges given the tiny screen size of the mobile phone and the fact that users quickly tire of pop-up windows.
But some responsible practices are relatively straightforward. Limiting applications' access to user data to those bits of information that improve the user experience would ensure that the benefits businesses derive from data streams go to those who provided the raw material, experts said. It would also limit the surprise factor when users learn, for example, that a photo application accesses their microphone.
Others proposed limiting how long personal data can be stored and when it can be sold to advertisers.
Calo, of the Center for Internet and Society, also thinks lawmakers will have to expand the definition of what constitutes harm and use it to evaluate when regulations and/or sanctions are necessary.
The most important aspect of the agreement in California is that the platform operators "will send a signal to developers saying, look, privacy is important, you need to address it," Calo said -- though critics of Google's own privacy practices may find it a less-than-ideal messenger.
But as users become more educated and lawmakers are increasingly willing to regulate digital privacy, software companies big and small will be spurred to make the trade-off with users more transparent -- and possibly juicier. Tech companies benefit from "your private data," said Brian Blau, an analyst at Gartner. "So they're going to give you a good deal. In the future they may have to give you more value."
Some app makers could change more radically.
"We have to be careful not to think that the way we are doing things is the way they have to be done," Calo said. Targeted advertising currently draws on consumer data stored on advertisers' servers, but it could happen "on the client," he said. It's one of any number of ways users could get more control over their data.
Developer Holst argued that seeing consumer data as software's only value actually puts a drag on innovation. "There's tons of innovations that could be happening," he said, "but because the only check that's being written is for personal information, it's not."
Even so, Blau predicts that "During this period when technology is advanced enough to take advantage of the data, and until the laws catch up," mobile apps will continue "to catch as much data as they can get away with."