Ongoing research projects, among them the Brazilian SPIRA and SoundCov initiatives, seek to diagnose Covid-19 and severe respiratory insufficiency through the analysis of voice recordings. The voice recordings may also be used to infer information about various personal traits, including some considered as sensitive by data protection law. The deployment of such apps may promote significant benefits in the context of a pandemics, since telemedicine avoids the risks of infection, both to potential patients and to the health-care professionals, as compared to presential consultation; those benefits, however, must be evaluated in light of the ethical and data protection concerns mapped in this paper. The operation of voice-based medical apps involves various kinds of personal data, which means that those apps must follow the requirements imposed by Brazil’s General Data Protection Law (LGPD), such as the need for a legal basis for data processing and the purpose limitation of processing. The LGPD also provides a series of rights to users and other data subjects, such as the right to erasure and the right to information about the processing, which must be implemented by any diagnosis app.