Health-related smartphone apps: regulations, safety, privacy and quality
Nasser F BinDhim1,2, Lyndal Trevena1

  1. School of Public Health, University of Sydney, Sydney, New South Wales, Australia
  2. Public Health and Health Informatics School, College of Health Sciences, Saudi Electronic University, Riyadh, Saudi Arabia

Correspondence to Nasser F BinDhim, Health Informatics Department, RM 3028, Saudi Electronic University, Riyadh, Saudi Arabia;


The uptake of smartphones is growing exponentially around the globe.1,2 Their use by health consumers and healthcare professionals is increasing.1–4 Smartphone technology particularly impacts on health policy via two new challenges: (1) smartphone app stores can act as mass global media channels to augment or undermine public health efforts and (2) smartphone apps are portals to a multitude of health interventions with unprecedented proximity to health consumers. This paper discusses the issues related to smartphone apps regulations, safety, privacy and quality.


Apps promoting harmful behaviours such as smoking and illicit drug use have previously been identified.5–7 In the case of ‘pro-smoking’ apps, they violated international and local public health laws in many countries, not only through promotion to adults but also by targeting children directly and indirectly.5,6 The major stakeholders that can play an immediate and significant role in the regulatory process are the app stores, as they operate as business entities under, and are obligated to abide by, local and international laws.

Providentially, in April 2014, Apple updated its app age rating policy and introduced a new section guiding the process of publishing apps that target children (figure 1).8 In the new policy, Apple provides a table indicating how its rating relates to other media rating standards, such as the ‘Entertainment Software Rating Board’ and ‘Pan European Game Information’.8 However, unlike video games, which are covered by those two standards, smartphone apps may include audio, video, books and software combined within one item. Therefore, assessing app content based on video game criteria is potentially problematic, especially for health-related content, as the previously mentioned standards also do not have health-specific rating criteria. Although Apple store policy has a ‘medical/treatment variable’ in its age rating criteria (figure 1), this simply identifies the frequency but not the quality of medical or treatment content. For example, content that may alter consumers’ behaviour toward using a specific therapy/treatment or stopping their current one should have some type of warning about the consequences or the need to consult a healthcare professional before making a decision. Such content also should not be available to children. Accordingly, under the current content rating criteria, such content might be underrated, especially for the youngest age group. For example, the ‘alcohol, tobacco, or drug use references’ item in figure 1 has not prevented the pro-smoking apps or pro-illicit drug apps from targeting children via a misleading age rating.5–7

Figure 1

Apple apps rating screen in which app publishers declare their apps’ content and calculate the age rating.

Nonetheless, Apple has also introduced a new policy entitled ‘Territory-Specific Ratings’ to comply with local laws.8 In the ‘Territory-Specific Ratings’ section, Apple states that “Some countries have more specific ratings requirements for app sales than others. When you describe your app's content, iTunes Connect displays territory-specific ratings and restrictions to help you understand the consequences of including some types of content in your app.”8 This is a welcome initiative but it will be challenging for the Apple app store to integrate all of the content-related laws from hundreds of territories (figure 1). The paradigm governing app stores’ content regulations and policies should include efforts from all stakeholders, including governmental, national and international health regulators, in addition to the app stores. Such multilevel regulations will make it more difficult to identify and exploit loopholes. It will also help app stores to incorporate better territory-specific ratings via facilitating the process of identifying local regulations and policies.


In terms of safety and medical regulation, and authorities’ role in regulating health-related and medical-related apps, there is still a long way to go. For example, the US Food and Drug Administration has only planned to regulate apps that meet the regulatory definition of ‘regulated medical devices’, thus excluding a long list of medical apps that may induce harm to the consumers if the apps malfunction. For example, one recent study found that three of four smartphone apps incorrectly classified 30% or more of melanomas as ‘unconcerning’.9 In addition, there are many apps that help in medication dosage calculations that also could be harmful. Thus, medical regulation authorities, or perhaps health policy makers, should consider establishing some guidelines to allow users to critically appraise health-related smartphone apps. Such guidelines could also feed directly into the app stores’ regulation policies and, consequently, enhance them.


In addition to regulation and safety, privacy policies need to be established. With the increase of health-related apps’ adoption and use, consumers’ health-related data could potentially be available for exploitation in an unprecedented way, especially due to the lack of security measures and standards for exchanging such data. The disclosure of health information via unauthorised use of smartphone apps could lead to individuals suffering social stigma and discrimination.10 For example, the new Apple ‘health’ app can aggregate data from other health apps, medical devices and compatible medical records, and also make the information available to other health apps for access and use. Should such personal health information fall into the wrong hands, without the owner's permission, it could be very harmful. Moreover, the exploitation of consumers’ health data could occur across multiple country jurisdictions, making it even more difficult to regulate. Furthermore, apps are capable (with or without declared permission, depending on the operating system) of accessing other user information, such as phone number directories, location services and cameras, as well as users’ phone numbers, which leaves users quite exposed and easily identifiable. Although there does not seem to be a user data access policy on the Android operating system, Apple's iPhone operating system has a data access policy and requirements.11 However, a review of the Apple app store privacy section11 suggests that it may be only loosely enforced. For example, point 17.2 in the privacy section stated, “Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected.”11 However, many social media apps require the user to provide an email address and other personal information in order to sign up. The popular ‘WhatsApp’ messaging app requires the user to verify his or her mobile phone number in order to use the service. In fact, the number of apps that ask the user to verify a phone number is increasing. In addition, apps that aim to exploit users’ information could use indirect strategies. For example, an app that simply provides the user with the function of turning the smartphone into a flashlight collects data about the user's location, calendar, contacts book and phone usage in order to provide such information to advertising networks.12 In contrast, an app called ‘Disconnect’, a privacy tool designed to stop other apps from collecting data on users, was released on Google Play for Android devices, and after 6 days Google removed it because it violated a policy prohibiting apps that interfere with other apps.13 Although such an initiative was welcomed by around 5000 users who downloaded the app in the first 6 days, it did not seem to convince Google Play about the importance of users’ privacy. It also highlighted how vague their consumers’ data privacy policies are.13 The privacy issues are also exacerbated by health consumers’ behaviour of ignoring the credibility of health app publishers.14 Therefore, health information privacy laws are urgently required.


The quality of health-related apps has many aspects, including the accuracy of content, the quality of user data, privacy protection, and the prevention of harms and consequences arising from app malfunction. In terms of the quality of health-related content, various reviews of the quality of health-related apps found that most of the available apps for various conditions were of low to very low quality.15 In addition, there are limitations in the methods of assessing health-related apps’ quality in the health literature.15 To improve the quality of assessment methods, disease-specific self-management guidelines could be used to predefine the essential content that must be available.15 However, these also need to include usability and evidence-based methods for presenting and delivering health information to consumers. An app with high-quality health information content is not necessarily the best at educating health consumers and/or changing their behaviour. Therefore, the quality of health-related apps should also be judged by their usability and their use of best practices for communicating health information.

Standardised assessment methodologies based on a predefined list of content generated from self-management guidelines could nevertheless contribute indirectly to improving the quality of health-related apps by allowing health app developers to utilise the same predefined list.15 However, we know very little about the perceptions of health app developers regarding these issues, their needs, and some of the difficulties they face in the process of developing a health app. Future research may explore health app developers’ needs, motivations and perceptions of health-related apps.

To conclude, when it comes to regulations and policies at the crossroads of health and smartphone technology, there are various dimensions that should be addressed, including public health policies, age and content rating, safety, privacy and quality. Regulating one dimension and ignoring the others will eventually undermine the regulated part via loopholes from the other dimensions.




  • Contributors All authors made substantial contributions to editing and drafting of the manuscript, and read and approved the final manuscript. NFB was responsible for drafting the manuscript.

  • Competing interests None.

  • Provenance and peer review Not commissioned; internally peer reviewed.