What boggles my mind is that the level of sandboxing displayed in Apple's App Store is not really interpretable to me.
I also see something like "the developers indicated they do not collect sensitive information." Yeah, but why would they indicate otherwise if they were malicious parties?
Probably, the only way to get sort of assurance is to choose an open source project, but App Store doesn't guarantee that the code on Github matches the app in the Store.