Positive note from this...
Back in the 90's there was the big argument about "opt-in" vs "opt-out" that the security and technical community were in agreement that "opt-out" was riddled with privacy abuse potential. (Time proved the potential was actually real as marketing even tried to hide opt-out check boxes. And some still make it confusing on purpose.)
Now the discussion has moved to the mobile platforms. Many apps really don't need all of the permissions they require for install. The ability to granularly allow/deny these privileges at install does not currently exist. (Google, Apple, MS, Blackberry are you listening?)
The GPS & timestamping of photos also needs to be a clear option to enable/disable, as this feature has already been used in stalking and home robberies when the images have been shared on certain social media sites that did not strip the data. Consumers simply do not understand the value of their personal information and how it is used to build profiles defining patterns of behavior that is being (not just can be) exploited. So if takes China making noise to further the discussion, regardless of the actual motivation, I call it a good thing overall.
Here is a piece of conceptual IP I am making free to all vendors equally. Call it Personal Privacy Control Panel as a widget. Put the categories of all of the functionality features on the left and list on the right of who is using them with an enable/disable switch/button for each client app and a global on/off for the whole feature. (Like GPS/Service Location, GEO Tagging, Internet access, etc) Make it that simple and people will use it. If apps break because they suddenly can't show marketing ads, then it is up to the developers to write in a notice handler explaining why the app is disabled. People will either up to paid ad-free versions or at least be aware of what they are allowing access to. Tie the API for the panel into the business sandboxing scripting controls to facilitate business IT departments in meeting their requirements to secure devices with access to business resources and IP. Nice and modular. There, I put the concept and basic design out here in the public, use it and don't sue each other about it. This is too important core functionality-wise to block in any way.