What to Look For and What to Avoid

Some apps are general wellness tools, while others may function more like medical devices. This distinction matters when considering regulation and data privacy.

Health and wellness apps can help you track fitness goals, manage chronic conditions, access mental health support, and even consult with medical professionals remotely.

Although these tools offer convenience and accessibility, they aren’t always reliable, and data privacy and medical accuracy aren’t guaranteed.

It’s important to understand how to evaluate these apps, what regulations apply, and how to protect your data.

Before downloading and using any health app, take the following steps to evaluate its credibility:

Find the source

Start by researching the developer or organization behind the app. Understanding who created it and why can help you determine whether it’s a credible source of information or a legitimate health tool.

Reputable health apps are often created by:

  • colleges and universities
  • government health agencies
  • nonprofit healthcare organizations
  • patient advocacy groups

Use caution with apps created by an organization, company, or individual selling a product or service. Avoid apps from unknown developers without transparent credentials and affiliations.

Review the citations

Reputable apps support claims with established clinical guidelines, peer-reviewed research, and other scientific evidence. Avoid apps that promote unproven treatments or rely solely on anecdotal claims.

Contributors should be accurately represented with up-to-date credentials that communicate their role and expertise. Healthcare services can only be provided by licensed professionals.

Check independent evaluations

Third-party reviews can uncover privacy concerns, misleading claims, or technical flaws that developers may not disclose. Sources of independent evaluations include:

  • medical journals
  • health tech publications
  • professional associations

It makes unverified medical claims

Avoid apps that promise to cure, treat, or diagnose conditions but do not provide scientific backing or professional oversight.

Be cautious with apps that make sweeping health claims, promote miracle cures, or discourage proven medical treatments.

It collects excessive data

Some apps gather far more data than needed to function, which increases the risk of misuse or exposure.

Before installing, check the “Permissions” section in the app store listing. After installing, go to your device’s settings:

  • On iOS: Settings > Privacy > App Permissions
  • On Android: Settings > Apps > App Permissions

If permissions go beyond what’s needed for the app to function, look for alternatives.

It shares data with third parties

Many health apps sell or share data with advertisers, data brokers, or analytics companies, which can lead to targeted ads, profiling, or worse.

If the app shares data with advertisers and doesn’t offer an opt-out option, it’s best to delete it.

It isn’t updated

Apps that haven’t been updated in several months may have unresolved security vulnerabilities or outdated medical guidance. To see when an app was last updated:

  • In the App Store: Scroll down to “Version History”
  • In Google Play: Scroll to “About this app” > “Updated on”

Regular updates are a sign that the developer is maintaining the app, fixing bugs, and keeping security protections up to date.

The app has a history of data breaches

Before trusting an app with personal health information, check for past security incidents:

Avoid the app if the developer failed to notify users or did not take steps to improve after a breach.

The FDA only regulates apps that qualify as medical devices, meaning they are intended to diagnose, treat, cure, or prevent a disease and pose a risk if they fail.

Apps that require regulation typically include:

  • digital ECG readers
  • insulin dose calculators
  • diagnostic imaging tools

Apps that fall outside the FDA’s oversight include:

  • general wellness tools like fitness trackers or meditation apps
  • lifestyle or nutrition journals
  • period or ovulation trackers

If an app makes a medical claim — especially one related to diagnosis or treatment — check whether it has FDA clearance or approval. This information should be available on the developer’s website or in the app description.

Most consumer-facing apps — especially those that operate independently of a medical provider — fall outside HIPAA’s jurisdiction.

In these cases, your data is only protected by the company’s own privacy policy and by general consumer protection laws.

To find out whether HIPAA applies, check the app’s terms of service and privacy policy.

You can take practical steps to safeguard your health information while using wellness and medical apps.

Review the privacy policy

The privacy policy should explain what data the app collects, how it’s stored, whether it’s shared with others, and what control you have over it.

Avoid apps that do not publish a privacy policy or that include vague language about third-party sharing.

Enable security features

Make sure the app supports password protection, biometric authentication (like fingerprint or facial recognition), and encryption.

If possible, enable two-factor authentication and secure your device with a lock screen to prevent unauthorized access to your data.

Limit data-sharing permissions

When installing the app, check what permissions it requests. Be cautious with apps that want access to your:

  • camera
  • call logs
  • location
  • microphone
  • saved contacts

Grant access only to features the app needs to function properly. You can toggle these settings on and off at any time.

Monitor app activity

Use iOS’s App Privacy Report or Android’s Permission Manager to check what data the app accesses and how often. This helps you spot apps that collect more data than expected.

Some apps or companies may notify users of data breaches, but not all do. Consider using identity theft protection tools if you share sensitive information with health apps.

Health and wellness apps can support your personal goals and medical needs, but not every app deserves your trust.

Always review the developer’s credentials, verify any medical claims, determine what regulations may apply, and take steps to secure your personal data.

By carefully selecting apps that meet privacy, security, and clinical standards, you can make the most of digital health tools without exposing yourself to unnecessary risks.