People are used to living in highly regulated markets. When they go to a grocery store to buy lettuce, people don't stop to ask "what regulatory regime is this lettuce being sold under?". They just trust that food being sold in a food store will meet our societal standards for food. I can go to Amazon and order a raw steak for delivery, and still trust it will meet standards.

The situation with wellness apps is that they are a product that are designed specifically to exist outside of the regulatory regime that people associate with them.

>Why would anyone think that a non-HIPPA compliant app would keep medical information private to the level of security needed for medical data?

because lots of people dont know what HIPPA is, and (naively to us more familiar with tech) assume that a medical-related app on a curated app store would be safe for medical-related stuff.

"Because Apple and Google said my data was safe, so it must be safe in the apps. What's hippa?," said more than 50% of the population.

People just wanna track stuff, they don't really look into is something HIPPA compliant or read the ToS. App store push, recommendation, word of mouth are what makes the app like this spread, not really details HIPPA compliance.