But that still requires installing their app on a mobile device, and that app will still have invasive access to data and internet, etc. If we have to have an "app" I'd much rather it be a built-in web server (despite the inevitable security decay) that serves up a local-only web interface. Best scenario though is to just give me hardware controls and a simple display :-)
Apps require permissions and they can't just sniff the network willy-nilly. Any IoT device on your network has way more access to privacy-related things than apps.