Despite the fact that there's no way to know if the code you're reviewing matches the installed binaries.
Even if the binaries were created with the unmodified binaries reviewed, you would need to review the compiler binaries as well.
Considering that half the apps out there (and I mean benign/legitimate apps!) seem to upload user data without the user's knowledge
Half? Try 99% of the top 400 apps on both Android and iPhone. I also seem to remember that Apple got into problems because they were uploading user data without permission.
According to another page, Spotify pays $0.0007 per stream. I'm not sure if that's okay or too low a price.
You have got a zero too many there; it is actually $0.007 per stream. As you note, it is difficult to get a handle on what is good enough, partly because all we usually hear is what artists get without any note on how much the label gets.
When the police refuse to do their job, my life is already at risk.
That depends on why the police do not follow up on these thefts. I would expect that the police prioritize which crimes they spend their resources on. So they may ignore pickpockets (and the like) to focus on armed robbery and other violent crime? It could be interesting to find out more about that, though. Especially given that all the evidence is basically served to them on a silver plate, not to mention that following a stolen phone around could give them a wealth of information on the people that do the fencing and reselling.