"It's really about creating a dialogue between what the product does and what users' expectations are of their choices," agreed Jishnu Menon, data and product counsel at Mozilla.
Companies should also make privacy a central part of their internal ethos, speakers at the conference said. "Recruiting people who care about privacy and embedding them early into the product development process is extremely helpful," said Lookout's Wyatt. "Make privacy part of the company's culture."
Tech companies should also follow their gut. "If it feels wrong, it probably is wrong," TRUSTe's Trilli said.
Those on the regulatory side of mobile privacy issues, meanwhile, are tackling the issue in terms of actual privacy policies, which have sparked their own sets of questions.
The biggest problem consumers have with privacy policies is that it's too difficult to sift through all the legalese to make sense of them, said Morgan Reed, executive director of the Association for Competitive Technology, a trade group representing developers and IT companies.
The policy will depend on the company and the services it provides, she said. "You need to start with the facts of your business," she said.
The California attorney general's office, however, did publish a toolkit for app developers earlier this year which provides step-by-step instructions on what companies should do as they begin to think about privacy concerns and the development of a policy around them.
California's privacy laws are generally viewed as having a major influence on how other states nationwide grapple with the issues surrounding privacy and mobile apps. Its laws also apply to any company that gathers personal information from people residing in that state, regardless of whether the company is based there.
Rather than resorting to subpoenas and enforcement actions, California attorney general Kamala D. Harris is also involved in an ongoing effort to encourage app developers to become compliant with state privacy laws on their own.
Still, some of the most sensitive pieces of information that companies need to think about are credit card numbers, geolocation, and users' contact lists, Travis LeBlanc, California's special assistant attorney general, said.
"Look at these things and figure out if you really need to collect them," he said. "If you don't need it, stop collecting it."
In spite of these recommendations, some conference attendees still craved more concrete guidance.
Sign up for Computerworld eNewsletters.