Your Health App Knows More About You Than Your Doctor Does
When last did your doctor check on you?
Last week? Last month? Maybe three months ago — during that routine visit you almost cancelled?
Now ask yourself: when last did your health app check on you?
This morning. Last night. Every single time you opened your phone.
That little app on your screen — the one tracking your period, your blood pressure, your mental health, your symptoms — it has been watching you every single day, quietly building a profile of you that your doctor, your family, and even you yourself may never fully see.
This is the story of your health data. And it is time you knew what was happening to it.
Explain It Like I'm 10
The Nosy Notebook
Imagine you had a special notebook where you wrote down everything — when your tummy hurts, when you feel sad, when you have a headache, what medicines you take. You carry this notebook everywhere.
Now imagine that notebook secretly makes photocopies of your notes and sends them to strangers — people you've never met, who live far away, who sell those notes to other strangers for money.
You never said they could. But buried on page 47 of the agreement you "agreed" to (the one with all those tiny words you scrolled past without reading) — it said they could.
That's what some health apps are doing. Your phone is the notebook. The strangers are called data brokers. And the photocopying? That's happening right now.
The Architecture of Health Data Monetisation
In the digital health ecosystem, consumer-facing applications — symptom trackers, fitness monitors, period apps, mental wellness platforms — collect what the industry classifies as Personal Health Information (PHI) and behavioural data. Unlike hospital records, which are governed by strict regulatory frameworks (HIPAA in the US, NDPR in Nigeria), most consumer health apps operate in a grey zone.
These applications embed third-party SDKs for analytics, advertising, and performance tracking. When a user logs a symptom or searches a condition, that data event can be passed — often in pseudonymised but re-identifiable form — to advertising networks, insurance-adjacent data brokers, and market research aggregates.
The mechanism is typically disclosed (barely) in privacy policies under language like "we may share aggregated or de-identified information with trusted partners" — language that grants the app provider wide latitude while offering the user minimal recourse.
The data product that emerges is extraordinarily valuable: longitudinal health behaviour data, correlated with demographics and location, at scale. A data broker does not need your name. They need your pattern.
Real-World Examples
This Is Happening — Including Here
100 Million Users. Most Had No Idea.
In 2019, The Wall Street Journal reported that Flo, one of the world's most popular period and fertility tracking apps, was sharing users' intimate health data — including ovulation predictions and pregnancy intentions — with Facebook. This happened even when users had turned off Facebook data sharing on their phones. Most of its 100 million users had no idea.
Your Mindfulness App May Have Described Your Hard Times to HR.
A 2021 study in JMIR mHealth and uHealth found the majority of top-ranked depression and anxiety apps shared user data with third parties, including platforms that supply data to recruitment and HR analytics companies. That mindfulness app you downloaded during a tough period at work? It may have described that tough period to people making decisions about people like you.
Your Data Leaves Lagos. It May Not Come Back.
In Nigeria, the National Data Protection Regulation (NDPR) exists — but enforcement is still maturing, and the vast majority of health apps downloaded by Nigerians are headquartered abroad, subject primarily to foreign law. When you grant a symptom-checker access to your contacts, location, and microphone, you are transferring data outside any jurisdiction with a clear reason to protect you.
You do not need to be a cybersecurity expert. You need three habits.
Audit Your App Permissions
Go to your phone settings right now. Find your health or fitness apps. Check what permissions they hold — location, microphone, contacts, camera. Ask: does this app need this access to serve me? If not, revoke it.
Read the Third-Party Section of Privacy Policies
You don't need to read the whole policy. Search (Ctrl+F / Command+F) for the words "third party," "partners," "share," or "sell." What you find in those paragraphs tells you most of what you need to know.
Delete Apps You No Longer Actively Use
Every dormant app is an open window. A health app you downloaded two years ago is still permitted to collect data in the background on many devices. Delete it. The data it already has, it keeps — but you stop the bleeding.
Your health data is not just personal.
It is commercially valuable in ways that can affect your insurance premiums, your employment prospects, and your financial profile — often without you ever knowing it happened.
Your ATM PIN protects your bank balance.
Your health data, unprotected, can expose something far more intimate.
Guard it like you guard your money.
Because someone, somewhere, is already treating it like theirs.