During the COVID-19 pandemic, many patients and healthcare professionals embraced the possibility of using available mobile devices and applications, exploring the opportunities to reduce the burden on strained services. However, despite strict surveillance under the European GDPR or Medical Device (MD) regulations, users are considered to be primarily responsible for verifying that their application of choice is approved and certified. We searched academic and grey literature and discuss some of the challenges related to the use of personal devices and mobile applications for health and medical purposes. Our position is that policies and technologies should be more considerate of users' behaviour, which includes use of non-medical software for medical purposes, and situations where users seem to choose usability over safety.