Combine this with the Meta Pixel illegal localhost tracking that bypasses privacy measures [1] [2] and the privacy leaking could be off the scale.
I think this goes for all things - medical data such as heart rate, blood sugar, steps, weight, VO2 max, etc, could all be seriously misused.
Personally I try to use apps that are not cloud-based, or make my own, but this isn't an option for everybody.
[1] https://www.zeropartydata.es/p/localhost-tracking-explained-...
You don't need a Meta pixel if the app simply... shares the data with Facebook, as Flo was caught doing.
https://en.wikipedia.org/wiki/Flo_(app)#Privacy_and_security...