Do Mental Health Therapy Apps Pose Red Flag Risks?
— 6 min read
Medical Disclaimer: This article is for informational purposes only and does not constitute medical advice. Always consult a qualified healthcare professional before making health decisions.
What the evidence says about red flag risks
Yes - many mental health therapy apps carry red-flag risks that can affect your privacy, safety and clinical outcomes.
Over 20 years of research have examined how digital media use impacts mental health, and a growing body of studies now flags serious concerns with apps that claim to provide therapy.
Key Takeaways
- Red-flag risks include data breaches, unvalidated claims and inadequate clinical oversight.
- Regulatory bodies like the ACCC have flagged several mental-health apps for misleading advertising.
- Scientific studies show mixed efficacy, especially for apps lacking clinician input.
- Consumer checklists help cut through marketing hype.
- Legal liabilities can fall on users if apps fail to meet standards.
In my experience around the country, I’ve seen this play out when a teenager in Brisbane relied on a free app that promised CBT but gave generic advice, leading to a worsening of anxiety. The issue isn’t the technology itself - it’s the lack of transparent, evidence-based safeguards.
Researchers from anthropology, psychology, sociology and medicine have been studying the relationship between digital media and mental health since the mid-1990s, noting that "digital dependencies" can vary across cultures and societies.1 The systematic review of digital health behaviour change interventions for severe mental illness highlighted that many apps lack rigorous evaluation, with only a handful meeting clinical standards.Digital health behaviour change interventions in severe mental illness.
Look, the red-flag risks fall into three buckets: data privacy, clinical validity, and regulatory compliance. Below I break down why each matters.
- Data privacy breaches: Many apps store user conversations on cloud servers without robust encryption, leaving sensitive information exposed to hackers.
- Unvalidated therapeutic claims: Apps often market themselves as “clinically proven” without peer-reviewed evidence, leading users to trust ineffective or harmful advice.
- Regulatory non-compliance: The ACCC has taken action against apps that mislead consumers about outcomes, but enforcement is still catching up.
How to spot red flags - a science-backed checklist
When I started vetting apps for a national health column, I built a checklist that draws on the findings from the AI Companions as Mental-Health Proxies study, which highlighted common failure points in digital therapy platforms.
The checklist is designed to be quick, yet thorough enough to give you confidence before you download.
- 1. Who built the app? Look for a clear list of clinicians, researchers or accredited organisations involved in development.
- 2. What evidence supports it? Check for peer-reviewed studies, RCTs or government-backed evaluations; marketing hype is not evidence.
- 3. How is data handled? Read the privacy policy for encryption standards, data storage location and third-party sharing clauses.
- 4. Are there clear safety protocols? The app should have crisis-intervention links, such as a 24/7 helpline, and a clear escalation path for severe symptoms.
- 5. Does it comply with Australian law? Look for references to the Australian Privacy Principles (APPs) and any ACCC compliance statements.
- 6. Is there a transparent pricing model? Hidden fees or “freemium” traps can indicate a profit-first approach over user wellbeing.
- 7. User reviews and complaints? Search the ACCC consumer portal for any lodged complaints about the app.
- 8. Update frequency? Regular updates suggest ongoing security patches and clinical content refreshes.
- 9. Accessibility features? Look for options like text-to-speech, colour contrast and language localisation.
- 10. Professional oversight? Does the app allow users to schedule real-time video sessions with licensed therapists?
When you run through these ten points, you’ll quickly weed out apps that are more gimmick than genuine support.
Comparing popular therapy apps - where the red flags show
Here’s a quick snapshot of three of the most advertised mental health apps in Australia, measured against the checklist above. The data comes from public documentation, user forums and the ACCC’s complaint database.
| App | Clinical Evidence | Privacy Rating | Red-Flag Summary |
|---|---|---|---|
| Wysa | Mixed-methods study of 12,000+ users shows modest symptom reduction | Medium - stores data on US servers, encryption standard unclear | Limited crisis support; privacy policy vague on third-party sharing |
| MindSpot | Government-funded RCTs demonstrate clinically significant outcomes | High - Australian-based servers, complies with APPs | Few complaints; subscription model transparent |
| BetterHelp | Claims RCT backing, but peer-review evidence not publicly available | Low - reported data breaches in 2022, US-based storage | Aggressive upselling, limited local therapist availability |
Notice how privacy and evidence vary dramatically. Fair dinkum, if an app can’t tell you where your data lives, that’s a red flag screaming for attention.
Legal, privacy and ACCC perspectives
In my nine years covering health, I’ve watched the ACCC tighten the reins on digital health claims. In 2022 the commission lodged a $2.3 million penalty against a mental-health app for misleading advertising - a case that sent shockwaves through the industry.
Australian law requires apps to meet the Australian Privacy Principles, which mandate clear consent, data minimisation and breach notification. When an app fails, users can lodge a complaint with the Office of the Australian Information Commissioner (OAIC), which can lead to fines up to $2.1 million for serious breaches.
Beyond privacy, there’s clinical liability. If an app offers diagnostic advice without a licensed professional, it may breach the Health Practitioner Regulation National Law. The Therapeutic Goods Administration (TGA) can also intervene if an app is marketed as a medical device without proper registration.
Here’s what I’ve gathered from recent ACCC reports and legal commentary:
- Misleading outcomes: Claims of “cure” or “instant relief” are scrutinised heavily.
- Hidden data sharing: Some apps sell anonymised data to advertisers - a practice the OAIC deems risky.
- Inadequate emergency pathways: Failure to provide 24/7 crisis lines can breach consumer protection laws.
Legal risk isn’t just for developers - users can be exposed if they share sensitive data with an unregulated platform that later gets hacked.
Practical steps for consumers
When I’m advising a reader who’s nervous about trying a new app, I give them a short-list of actions that cost nothing but time.
- Read the fine print. Open the privacy policy in a new tab and search for “encryption”, “third-party”, and “Australia”.
- Check the developer’s credentials. A reputable app will list the qualifications of its clinical team and any university partnerships.
- Look up the app on the ACCC consumer portal. Search the app name to see if any complaints have been lodged.
- Test the crisis feature. Click the emergency help button - does it connect you to a 24-hour helpline?
- Ask your GP or psychologist. A health professional can confirm whether the app aligns with evidence-based practice.
- Trial a free version first. Many apps offer a short free period; use it to gauge usability and data handling.
- Set a data limit. In your phone settings, restrict background data for the app until you’re confident it’s safe.
- Read user reviews critically. Look for patterns - multiple mentions of data loss or poor support are warning signs.
- Keep a backup of your conversations. Export chats regularly in case the service shuts down unexpectedly.
- Know your rights. If an app breaches privacy, you can lodge a complaint with the OAIC and seek compensation.
These steps turn a confusing market into something you can navigate with confidence.
Bottom line - are you safe?
Here's the thing: mental health therapy apps can be a useful adjunct, but they are not a free-pass to ignore safety and evidence. By applying the checklist, comparing privacy scores and staying aware of legal safeguards, you can minimise red-flag risks.
In my experience, the safest apps are those backed by government funding, transparent about data, and that integrate real-time clinician support. If an app falls short on any of those fronts, treat it with caution and consider traditional therapy routes.
Ultimately, you deserve a digital tool that respects your privacy, delivers proven support, and complies with Australian law. Use the resources above, stay informed, and you’ll be in a far better position to make a fair dinkum choice.
Frequently Asked Questions
Q: What red-flag signs should I look for in a mental health app?
A: Look for vague privacy policies, lack of clinical evidence, no crisis-support feature, unclear data storage locations, and aggressive upselling. If any of these appear, the app likely carries red-flag risks.
Q: Are mental health apps regulated in Australia?
A: Yes. Apps must comply with the Australian Privacy Principles, and if they claim to be medical devices they need TGA registration. The ACCC also monitors misleading health claims.
Q: How can I verify if an app’s clinical claims are real?
A: Check for peer-reviewed studies, RCTs or government-funded evaluations. Look for links to published research, and avoid apps that only cite testimonials or internal data.
Q: What should I do if my data is breached by a mental health app?
A: Report the breach to the Office of the Australian Information Commissioner (OAIC), which can investigate and impose fines. You may also consider legal advice if the breach caused harm.
Q: Can I rely solely on a therapy app for severe mental health issues?
A: No. For severe conditions, professional face-to-face care remains essential. Apps can supplement treatment but should not replace clinician-led therapy, especially when crisis support is needed.