... doesn't the app set an encryption key after they pair?
The most similar device I've worked on is the various Oculus devices. Which will also accept bluetooth connections from absolutely everyone, but the first time you connect you store an encryption key that is used to secure all subsequent comms.
If it did that then losing your phone, deleting the app's storage or moving to a different phone without transferring the app's storage would brick the smart ring.
Oculus decides are pretty big, I assume they have buttons that allow you to recover from that. This ring doesn't.
I mean, they have at least one button to trigger a factory reset, yeah.
Even most input-less smart devices have a way to do that though - like those ridiculous smartlight bulbs where you have to flick the light switch on and off in morse code to trigger the factory reset
The most similar device I've worked on is the various Oculus devices. Which will also accept bluetooth connections from absolutely everyone, but the first time you connect you store an encryption key that is used to secure all subsequent comms.