Specifically in terms of crypto, you can mitigate this risk by running your wallets on an air gapped device (i.e. a device which will never have an internet connection). It doesn't matter if the wallet in question is programmed to email your private keys to the devs if it never gains access to the internet. You still have to be careful how you would transfer signed transactions to an internet enabled device though - conceivably the wallet in question could write to a USB (for example) which would then send off the data in question whenever internet access was achieved.