Grape-eneOS I dont want whatsapp to know anything about my phone.
That's impossible as of yet. There's a number of small bits of information an app with no permissions can retrieve, it's usually harmless and poses no concern, but can be used to fingerprint a device. The FAQ has a very good entry about this topic, have a read: https://grapheneos.org/faq#hardware-identifiers
Graphene1 https://reports.exodus-privacy.eu.org/en/reports/com.whatsapp/latest/
This is an excellent example why Exodus is so misleading. All it does is check against a list of known libraries it deems to be trackers and if there's a match, it rings the alarm bells. If the "tracking" library is simply renamed or otherwise obfuscated, it doesn't go off. If it's a custom implementation, it stays silent. Tracking code can and does fall under the radar all the time, as clearly showcased here. If we trust this kind of "analysis" the Facebook app is the most innocent thing on earth.
Then there's also the permissions page, that is also deceiving. What Exodus lists there are the low-level permissions an app can request, they are not automatically granted on their own.