The Privacy Commissioners Office has been calling for proper fines for data breaches for YEARS.
Not a single muppet in the beehive has even given it a thought, from what i can tell.
The current maximum penalty is $10000.
Australia has their maximum penalty set to $50 million.
In the majority of cases the Apps are built or mainained by third parties who now additionally have access to your personal information, such was the case with a recent Railway travel app in Europe that revealed customers info and even Passport copies.
That is, among other things, why it is inherently a vulnerability.
In my area government services, medical processing, and utility companies can be managed either via website, phone, or in person. There has been a push lately for apps but I never sign off on any such disclosures and never use such apps. I would sue long before I considered it.
You comment reeks of nihilistic defeatism.