Re: someone can tell me
You'd need a team of auditors to screen applications for spyware - the job is too big to do it yourself. This auditing could be open source (for apps whose developers wish to disclose the source code to all and sundry including competitors), or could be run by a company that uses its business model (hardware sales plus hefty percentage of app store sales) as a differentiator to Google's (data collection to fuel advertising). You'd have to pay a bit more upfront for the latter, and even more so if you use the same administration software that sensitive organisations use (e.g Blackberry Suite for iOS).
Auditing the source code is time consuming and thus unfeasible (remember how long it took a team to audit TrueCrypt) but I guess a middle ground might be crowd-sourced monitoring - i.e, everyone inspecting packets sent from a phone with 'Bob's Scientific Calculator' installed against a control. However, this would only catch the trawlers, not the tailored attacks.
Another approach is to spoof the data harvesters with false information as Safari has done for a few years now. It's still cat and mouse, but at least you're denying them the low hanging fruit.
Biting the hand that feeds IT
