Some apps are general wellness tools, while others can function like medical tools. This distinction matters when considering regulation and data privacy.
Health and wellness apps can help you track fitness goals, manage chronic conditions, access mental health support, and even consult medical professionals remotely.
Although these tools provide convenience and accessibility, they are not always reliable, and data privacy and medical accuracy are not guaranteed.
It’s important to understand how to evaluate these apps, what rules apply, and how to protect your data.
Before downloading and using any health app, take the following steps to evaluate its credibility:
Find the source
Start by researching the developer or organization behind the app. Understanding who created it and why can help you determine if it is a reliable source of information or a legitimate health tool.
Reputable health apps are often made by:
- colleges and universities
- government health agencies
- non-profit healthcare organizations
- patient advocacy groups
Be careful with apps created by an organization, company, or individual selling a product or service. Avoid apps from unknown developers without transparent credentials and affiliations.
Review citations
Reputable apps back up claims with established clinical guidelines, peer-reviewed research, and other scientific evidence. Avoid apps that promote unproven treatments or rely only on anecdotal claims.
Contributors should be accurately presented with up-to-date credentials that communicate their role and expertise. Health services may only be provided by licensed professionals.
Check independent assessments
Third-party reviews may uncover privacy concerns, misleading claims, or technical flaws that developers may not disclose.
- medical journals
- health technology publications
- professional associations
It makes unverified medical claims
Avoid apps that promise to cure, treat, or diagnose conditions but do not provide scientific backing or professional oversight.
Be wary of apps that make sweeping health claims, promote miracle cures, or discourage proven medical treatments.
It collects too much data
Some apps collect more data than is necessary to function, increasing the risk of misuse or exposure.
Before installing, check the “Permissions” section in the App Store listing. After installing, go to your device’s settings:
- On iOS: Settings > Privacy > App Permissions
- On Android: Settings > Apps > App Permissions
If the permissions exceed those required for the app to function, look for alternatives.
It shares data with third parties
Many health apps sell or share data with advertisers, data brokers, or analytics companies, which can lead to targeted advertising, profiling, or worse.
If the app shares data with advertisers and doesn’t offer an opt-out option, it’s best to delete it.
It is not updated
Apps that have not been updated for several months may contain unresolved security vulnerabilities or outdated medical guidance.
- In the App Store: Scroll down to “Version History”
- In Google Play: Scroll to “About this app” > “Updated”
Regular updates are a sign that the developer is maintaining the app, fixing bugs, and keeping security protections up to date.
The app has a history of data breaches
Before trusting an app with personal health information, check for past security incidents:
Avoid the app if the developer failed to notify users or did not take steps to remediate after the breach.
The FDA only regulates apps that qualify as medical devices, meaning they are intended to diagnose, treat, cure, or prevent a disease and pose a risk if they fail.
Apps that require regulation typically include:
- digital ECG readers
- insulin dosage calculators
- diagnostic imaging equipment
Apps that fall outside FDA oversight include:
- general health tools like fitness trackers or meditation apps
- lifestyle or nutrition magazines
- period or ovulation trackers
If an app makes any medical claims – especially related to diagnosis or treatment – check whether it has FDA clearance or approval. This information should be available on the developer’s website or in the app description.
Most consumer-facing apps – especially those that operate independently from the medical provider – are outside the jurisdiction of HIPAA.
In these cases, your data is protected only by the company’s own privacy policy and general consumer protection laws.
Check the app’s terms of service and privacy policy to find out if HIPAA applies.
You can take practical steps to keep your health information safe when using wellness and medical apps.
Review the privacy policy
The privacy policy should explain what data the app collects, how it is stored, whether it is shared with others, and what controls you have over it.
Avoid apps that don’t publish a privacy policy or that include vague language about third-party sharing.
Enable security features
Make sure the app supports password protection, biometric authentication (like fingerprint or facial recognition), and encryption.
If possible, enable two-factor authentication and secure your device with a lock screen to prevent unauthorized access to your data.
Limit data-sharing permissions
When installing an app, check what permissions it requests. Be cautious of apps that want access to your:
- camera
- call logs
- location
- microphone
- saved contacts
Provide access only to features that are needed for the app to function properly. You can turn these settings on and off at any time.
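For readers who want to run this check on an Android app's manifest rather than by eye, here is an added example (not part of the original article) that flags requests in the five categories above when the app's stated function does not need them. It assumes the manifest has already been decoded to text XML; the sample manifest, the `com.example.stepcounter` package and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permission names grouped under the five categories listed above.
SENSITIVE = {
    "android.permission.CAMERA": "camera",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.WRITE_CALL_LOG": "call logs",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.ACCESS_BACKGROUND_LOCATION": "location",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.READ_CONTACTS": "saved contacts",
    "android.permission.WRITE_CONTACTS": "saved contacts",
}

# Constructed sample: decoded manifest of a hypothetical step-counter app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.stepcounter">
  <uses-permission android:name="android.permission.ACTIVITY_RECOGNITION"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>
""".strip()


def excess_sensitive_access(manifest_xml, needed_categories):
    """Return {category: [permissions]} for sensitive access the app
    requests but its stated function does not need."""
    root = ET.fromstring(manifest_xml)
    excess = {}
    # Both element names declare permissions in an Android manifest.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            category = SENSITIVE.get(name)
            if category and category not in needed_categories:
                excess.setdefault(category, []).append(name)
    return excess


if __name__ == "__main__":
    # Assumption: a step counter with route maps plausibly needs location only.
    found = excess_sensitive_access(SAMPLE_MANIFEST, {"location"})
    for category, perms in found.items():
        print(f"{category}: {', '.join(perms)}")
```
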
Monitor app activity
To check what data an app accesses and how often, use iOS’s App Privacy Report or Android’s Permission Manager. This helps you detect apps that collect more data than expected.
Some apps or companies may notify users about data breaches, but not all do. Consider using identity theft protection tools if you share sensitive information with health apps.
Health and wellness apps can support your personal goals and medical needs, but not every app deserves your trust.
Always review the developer’s credentials, verify any medical claims, determine what regulations may apply, and take steps to secure your personal data.
By carefully selecting apps that meet privacy, security, and diagnostic standards, you can get the most out of digital health tools without exposing yourself to unnecessary risks.