Difficult one the answer really but I would expect it to have been sandboxed and regression tested ( or compatibility tested as I've been corrected to ) by Apple and Google. They have HUGE development teams with a proper development structure in place - the UK government don't.
Unless Apple...
I'm late to this thread - partly because it's in a bloody sub-forum ( Bozza !!! ). Application security and GDPR are almost entirely exclusive to each other. GDPR won't protect you from a badly written app.
I won't be downloading it for a number of reasons :
1. It wasn't properly sandboxed
2...