Bluetooth on Apple devices leaks battery, device name, WiFi status, buffer availability, OS version, and phone number.
Article here, with demonstration: https://hexway.io/research/apple-bleee/
The phone number is provided as a SHA256 hash, but given that a phone number has at most 23 bits of entropy (less than 16 if you assume an area code and compare to a database of known numbers), it’s very fast to recover the phone number.
This works even if you have WiFi or Bluetooth disabled (white circle) rather than off (empty circle) — I was able to verify just now, running this script.
Does anybody know of a quick way to turn WiFi and Bluetooth truly ***off*** on an iPhone?
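
Why an unsalted hash of a phone number does not hide it, as an added example that is not part of the original post or the linked research: the candidate space is small enough to hash in full and compare. The number below is constructed (fictional 555-01xx range), and hashing the ASCII digit string is an assumption; the encoding Apple devices actually hash is not given in the post.

```python
import hashlib
import math
from typing import Optional


def sha256_hex(number: str) -> str:
    """SHA-256 of the digit string (ASCII encoding is an assumption)."""
    return hashlib.sha256(number.encode("ascii")).hexdigest()


def search_space_bits(unknown_digits: int) -> float:
    """Entropy of the unknown part: each decimal digit adds log2(10) bits."""
    return unknown_digits * math.log2(10)


def recover_number(target_hex: str, known_prefix: str,
                   unknown_digits: int) -> Optional[str]:
    """Hash every candidate under known_prefix and compare to the target.

    With no secret key or per-device salt in the hash, anyone who sees the
    digest can run this offline; the cost is only 10**unknown_digits hashes.
    """
    for i in range(10 ** unknown_digits):
        candidate = f"{known_prefix}{i:0{unknown_digits}d}"
        if sha256_hex(candidate) == target_hex:
            return candidate
    return None


# Constructed sample: a fictional number and the digest an observer would see.
SAMPLE_NUMBER = "12025550147"
SAMPLE_HASH = sha256_hex(SAMPLE_NUMBER)

if __name__ == "__main__":
    # Country code, area code and exchange assumed known; 4 digits unknown.
    found = recover_number(SAMPLE_HASH, "1202555", 4)
    print(f"search space: {search_space_bits(4):.1f} bits, recovered: {found}")
```

The same loop covers a whole area code by passing a shorter prefix and more unknown digits; the work grows by a factor of ten per digit, which stays within seconds to minutes on ordinary hardware.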