there's no need to transmit the collected data away from the device. boom! nobody is storing data. it's all local to the device. that's an easy decision to make. you don't even need to collect an ID of any type. this app on this device counted steps. nobody outside of the app on that device needs to know.

transmitting that information to the company servers is a decision that can easily be not made to do, and when it is, you're already at risk. so, why do it?