We reviewed the privacy practices of 20 popular consumer health apps — fitness trackers, period-tracking apps, sleep apps, mental health apps, telehealth platforms. Specifically: what data they collect, where they share it, whether they obtain affirmative consent, and what controls users actually have.
The pattern
Most health apps share something with third-party analytics or advertising. The variation is in what, with whom, and how visibly disclosed. The apps that scored well on privacy generally:
- Use end-to-end encryption for sensitive content (especially mental health and reproductive)
- Provide a real preference center where users can disable specific data-sharing categories
- Have a clean data-deletion flow that actually removes the data, not just deactivates the account
- Don’t embed tracking pixels from Meta or Google on screens that contain health context
The ones that scored poorly
Apps that failed our audit shared categorized health data (e.g., specific cycle phase, specific mood log, specific prescription category) with ad networks via tracking pixels, embedded SDK telemetry, or third-party analytics tools. Several have since faced FTC enforcement actions over the same practices.
Full ranked list coming soon.