How terrible a privacy issue is a WHOOP fitness band?

LunaticBuzz

The WHOOP fitness tracker/band has been recommended to me on medical grounds (heart rate, respiration, sleep, etc etc etc), and so I did not buy it -- it was sent to me by an allied health organization who have been contracted to undertake the assessment (I'm elderly and have been to the Moon, remember ;-). I've done a search on Exodus Privacy, which shows 4 signatures for trackers, and some 60+ permissions, most of which make sense.

I am, as you might surmise, reluctant to put the associated app onto my very spartanly-populated GOS phone, and I've been using it via a de-Googled Android tablet with location turned off. Naturally, I registered it with a masked email address and used fake name initials, etc.

But the question I have is: if I turn off location settings for it, just how bad is it as a privacy issue for all that, given the sandboxing that GOS is renowned for? Does anyone here have/use one? If so, what's your privacy/health trade-off?

p338k

The sanboxing in GrapheneOS is the standard AOSP sandbox, so you will get the same privacy (or lack thereof) that you would get with Android with location turned off. GrapheneOS does allow revoking network permissions to individual applications, so that could provide additional privacy if you don't need to send the data (it appears that you may need to send data).

Sandboxed Google Play services is the regular Googleapplications run in the standard application sandbox with a compatibility layer to let them run without special privileges.