Medical · Privacy report
CVS Health
Free · ★4.7 · CVS Pharmacy

Is CVS Health safe?

It collects a lot of your data, and shares it with trackers.

Our take. CVS Health carries 10 third-party trackers and its own label declares it links 10 categories of your data to you. It collects a lot itself, and shares a lot with outside companies.

Privacy footprint · vs 82 medical · Heavy

Trackers from other companies: 10 · a lot
typical medical: 2

Data the app links to you: 10 types · a lot
typical medical: 5 · from its own privacy label

What it collects about you

CVS Health links 10 categories of your data to you.

From the developer's own App Store privacy label. These are the kinds of data CVS Health ties to your identity.

Health & Fitness · Purchases · Financial Info · Contact Info · User Content · Search History · Identifiers · Usage Data · Sensitive Info · Other Data

Who else is inside

It carries trackers from 3 companies.

Third-party SDKs found in the app, matched to the company that publishes each. Present in the code; we do not observe what they transmit.

Monitoring SDK · Analytics · 4 SDKs
Crash and performance monitoring.

Other third parties · analytics · 4 SDKs
A third-party SDK.

Messaging SDK · Messaging · 2 SDKs
Push notification and messaging platform.

How it compares

Where it sits among medical apps.

Every one of these apps we have scanned, on the two measures above: third-party trackers it carries (across) and data it links to you on its own label (up). Toward the top right is more invasive.

Each dot is one medical app. CVS Health sits to the right, carrying more third-party tracking than most.

The evidence

What it's built from.

All 48 SDKs in the app, grouped by what they are for. 10 are third-party trackers.

10 analytics · 1 crash reporting · 37 standard libraries

10 of the 48 are third-party trackers. The rest are the app's own code and standard open-source building blocks.

Full SDK list

Monitoring SDK · Analytics
Datadog · Datadog Internal · Datadog Logs · Datadog RUM

Other third parties · analytics
Medallia Digital · Medallia · New Relic · Quantum Metric

Messaging SDK · Messaging
Braze · Braze Location

Standard libraries · 37 · on-device
The app's own code plus open-source interface, storage and networking libraries.

How we know this

Counterspy downloads the app from the App Store and statically analyzes its compiled binary. Embedded SDKs are matched against a signature database and resolved to the company that operates each. We also read the developer's App Store privacy label, which lists the data the app says it collects and links to you. We do not run the app or intercept its traffic, so we report capabilities present in the code and the developer's own disclosures, not proven transmission. We assess privacy and data collection, not malware, security flaws, or developer intent. Reports are automated and never edited for payment. Scan v26.3.50, 2026-04-04.

  1. Third-party trackers are advertising, analytics and attribution SDKs detected by static signature matching. Presence shows a capability is compiled in, not that it ran or transmitted data.
  2. "Data the app links to you" is the count of data categories the developer declares as Data Linked To You in its App Store privacy label. Labels are self-reported and not verified by Apple.
  3. Comparison across the 82 medical apps in our corpus. Trackers: median 2. Data linked to you: median 5.