5 Hidden Red Flags In Mental Health Therapy Apps
In 2022 the Australian Psychological Society warned about a surge in unregulated mental health apps. The five hidden red flags are lack of professional registration, missing clinical evidence, vague privacy practices, aggressive monetisation, and unvalidated diagnostic claims.
Medical Disclaimer: This article is for informational purposes only and does not constitute medical advice. Always consult a qualified healthcare professional before making health decisions.
Mental Health App Vetting
When I started covering digital health for the ABC, I quickly learned that not every app that claims "clinically proven" actually backs it up. The first line of defence is a solid vetting process. Here’s how I assess an app before giving it a nod.
- Professional registration: Check if the app is listed with the Australian Psychological Society (APS) or another recognised body. Registration signals that the developer has agreed to a code of ethics and ongoing oversight.
- Clinical trial disclosure: Reputable apps publish trial data or peer-reviewed papers on their website or in registries such as the Australian New Zealand Clinical Trials Registry. If you can’t find any, that’s a red flag.
- Developer reputation: Look up the company’s history on the ASIC register and read user reviews on professional forums. Developers with a track record of evidence-based products are far less likely to cut corners.
- Regulatory compliance: Verify that the app complies with the Therapeutic Goods Administration (TGA) if it makes health claims. An unregistered claim may breach the Therapeutic Goods Act.
- Transparency of funding: Apps that hide who pays for the research or have undisclosed commercial sponsors may be biased toward selling services rather than delivering care.
Key Takeaways
- Registration with APS signals accountability.
- Missing trial data should raise immediate concern.
- Check developer reputation on ASIC and professional forums.
- Compliance with TGA is essential for health claims.
- Opaque funding often hides commercial bias.
Psychologist Red Flags Apps
In my experience around the country, I’ve seen a handful of apps rely on flash-in-the-pan marketing rather than science. These are the warning signs that should make any psychologist sit up straight.
- Splash-screen hype: Promises of “instant mood lift in 5 minutes” without any citation to research are a rookie red flag. Real therapeutic change takes time and evidence.
- Diagnostic claims: Any in-app message that says it can diagnose depression, anxiety or psychosis without referencing standard tools such as the PHQ-9 or GAD-7 is unvalidated and potentially dangerous.
- Contact opacity: A missing support email or a response time longer than 48 hours suggests the developer may not prioritise user safety.
- Aggressive push notifications: Frequent prompts urging users to upgrade to a premium plan or click on external ads betray a monetisation model that compromises therapeutic neutrality.
- Absence of clinician oversight: Apps that claim to replace a therapist but offer no way to involve a qualified psychologist breach professional standards.
Fair dinkum, an app that pushes a subscription every time you open it is unlikely to be focused on your mental wellbeing.
Clinical Evaluation Mental Health App
When I sit down with a research team to evaluate a new platform, I lean on the American Psychological Association’s Evidence-Based Practice framework. Even though it’s a US guideline, the principles translate well to Australian practice.
- Level of evidence: Look for Level 1 or Level 2 studies - randomised controlled trials or well-designed cohort studies - that assess the app’s outcomes in the target population.
- CONSORT alignment: Check whether the study reporting follows CONSORT guidelines for trial transparency. Missing flow diagrams or selective outcome reporting are red flags.
- Data reporting methodology: Apps should publish how they handle missing data, intention-to-treat analyses, and effect size calculations. Vague methodology often hides bias.
- Privacy compliance: Apps that process user data must meet GDPR or Australian Privacy Principles (APPs). Look for a clear privacy notice that explains data storage and sharing.
- Longitudinal tracking: A good app will provide post-intervention follow-up (e.g., 3-month, 6-month outcomes) to demonstrate sustained benefit.
ScienceDaily recently highlighted how AI-driven chatbots marketed as therapists can breach ethical standards, underscoring the need for rigorous clinical evaluation (ScienceDaily). The same vigilance applies to any mental health app.
App Data Privacy for Psychologists
Data breaches are no longer “if” but “when”. As a psychologist, you’re legally obligated to protect client information, and the app you use must do the heavy lifting.
- Encryption standards: Verify that the app uses TLS 1.3 or higher for data in transit and AES-256 for data at rest. Legacy protocols expose you to interception.
- Explicit consent flow: The onboarding process should list every data point collected, why it’s needed, and who can access it. Anything vague is a red flag.
- Data residency: If the app stores information on servers outside Australia, ensure it complies with APP 11.2, which requires cross-border disclosure and adequate protection.
- Breach notification plan: Look for a documented process that informs you within 72 hours of a breach, as recommended by the Office of the Australian Information Commissioner.
- Audit trails: The app should log who accessed a client’s record and when, enabling you to detect unauthorised access quickly.
I once dealt with an app that stored session recordings on a US server without any data-residency clause - a clear violation of Australian privacy law that could have cost my clinic hefty fines.
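One way to run the in-transit encryption check from the list above, as an added example rather than code from this article or any app vendor: it attempts one handshake per TLS version against an app's API hostname and applies the TLS 1.3 benchmark. The function names and verdict strings are assumptions made for illustration; AES-256 at rest cannot be observed from outside and has to be confirmed from the vendor's documentation.

```python
import socket
import ssl

# Versions probed one at a time; the benchmark used here is TLS 1.3.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}

def accepts(host, version, port=443, timeout=5.0):
    """True/False if a handshake pinned to one version succeeds/fails;
    None if the result is inconclusive (unreachable, bad certificate)."""
    ctx = ssl.create_default_context()  # certificate and hostname are verified
    try:
        ctx.minimum_version = version
        ctx.maximum_version = version
    except ValueError:
        return None  # local OpenSSL build does not support this version
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None  # cannot reach the host at all
    with raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version() is not None
        except ssl.SSLCertVerificationError:
            return None  # a certificate problem, not a protocol answer
        except (ssl.SSLError, ConnectionResetError):
            # Modern OpenSSL may itself refuse to offer TLS 1.0/1.1, so a
            # False for those versions can be a local refusal.
            return False
        except OSError:
            return None  # timeout or other network failure mid-handshake

def scan(host, port=443):
    return {name: accepts(host, v, port) for name, v in VERSIONS.items()}

def verdict(results):
    """Apply the TLS 1.3 benchmark to {version name: True/False/None}."""
    tls13 = results.get("TLSv1.3")
    if tls13 is None:
        return "INCONCLUSIVE: could not test TLS 1.3"
    if not tls13:
        return "FAIL: TLS 1.3 not accepted"
    legacy = [n for n, ok in results.items() if ok and n != "TLSv1.3"]
    if legacy:
        return "REVIEW: also accepts " + ", ".join(legacy)
    return "PASS: TLS 1.3 only"
```

Calling `verdict(scan(host))` with the hostname the app's traffic actually goes to gives the result for that endpoint; a "REVIEW" result means older clients can still negotiate a weaker protocol even though a current phone would get TLS 1.3.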
Evidence-Based Mental Health App
Not every app that claims to be “evidence-based” actually aligns with the standards set out by the DSM-5 or ICD-10. Here’s how I separate the wheat from the chaff.
- CBT modules: Verify that the app’s cognitive-behavioural therapy content maps directly to DSM-5 or ICD-10 criteria. Stand-alone mood trackers without therapeutic scaffolding are insufficient.
- Adaptive algorithms: Apps that adjust the difficulty or focus of exercises based on user progress demonstrate a personalised approach, which is linked to better outcomes.
- Validated scales: Inclusion of PHQ-9, GAD-7, or other recognised measures ensures that progress is measurable and clinically meaningful.
- Independent peer review: Look for journal articles that cite the app’s efficacy. Proprietary white papers without external review are suspect.
- Outcome transparency: The developer should publish effect sizes, dropout rates, and any adverse events observed during trials.
Balancing promise and risk, the APA services paper stresses that ethical deployment of AI in mental health hinges on transparent evidence and rigorous testing (APA Services). That principle applies equally to any digital therapy platform.
FAQ
Q: How can I verify if an app is registered with the APS?
A: Visit the APS website’s member directory or contact the APS compliance team. Registered apps will usually display a certification badge linking back to the APS listing.
Q: What should I do if an app claims to diagnose without a validated tool?
A: Treat the claim as a red flag. Advise clients to seek a face-to-face assessment and report the app to the TGA if it makes unsubstantiated health claims.
Q: Which encryption standards are considered acceptable for mental health apps?
A: TLS 1.3 for data in transit and AES-256 for data at rest are the current benchmarks. Anything lower, such as TLS 1.0, should be rejected.
Q: Where can I find peer-reviewed studies on a specific mental health app?
A: Search PubMed, Google Scholar, or the Australian Clinical Trials Registry using the app’s name. Look for Level 1 or Level 2 evidence and note whether the study follows CONSORT reporting.
Q: How quickly must a data breach be reported to me as a psychologist?
A: Under Australian privacy law, you should be notified within 72 hours of a breach, giving you time to act and protect your clients.