Ramblings of an aging IT geek

sniffing a £6 bluetooth thermometer to find its secret

Using nRF Connect to enumerate the GATT services on a cheap BLE thermometer and find the one notify characteristic that streams the temperature, so I could log it without the dreadful app.


I bought a cheap BLE thermometer to log temperatures in the garage, and its app was exactly as bad as £6 implies: an account wall, an advert, and no way to export anything. So I ignored the app and talked to the device directly.

The tool for this is nRF Connect on a phone. Connect to the device and it enumerates the GATT table for you: every service, every characteristic, and crucially which ones support notify. A thermometer that streams live readings has to be pushing them out as notifications, so I subscribed to each candidate characteristic and breathed on the sensor.

One of them lit up. Every couple of seconds it pushed a short packet, and the bytes moved in step with the temperature. A bit of staring revealed the obvious: a little-endian 16-bit integer, value in hundredths of a degree. 0x09 0x08 reading as 0x0809, 2057, 20.57°C. No encryption, no authentication, no app required.

From there it's a twenty-line Python script with bleak that connects, subscribes to that one characteristic UUID, and appends (timestamp, temperature) to a CSV. It's been quietly logging the garage ever since. The gadget was cheap and the app was rubbish, but the radio doesn't lie, and the data was free for anyone willing to listen.
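A logger of the kind described above, added here as an example and not the script from the post. The device address and characteristic UUID are placeholders (the post gives neither), and two things are assumed: that the reading sits in the first two bytes of the notification, and that it is signed.

```python
import asyncio
import csv
import struct
from datetime import datetime, timezone

# Placeholders: the post gives neither the device address nor the UUID.
DEVICE_ADDRESS = "AA:BB:CC:DD:EE:FF"
TEMP_CHAR_UUID = "00000000-0000-0000-0000-000000000000"


def decode_temperature(payload: bytes) -> float:
    """Decode a notification into degrees C.

    Assumes the reading is the first two bytes, little-endian, in hundredths
    of a degree. Treating it as signed (sub-zero garages) is an assumption.
    """
    if len(payload) < 2:
        raise ValueError(f"notification too short: {payload.hex()!r}")
    (raw,) = struct.unpack_from("<h", payload)
    return raw / 100.0


def csv_row(payload: bytes, now: datetime) -> list:
    """Build the (timestamp, temperature) row appended to the CSV."""
    return [now.isoformat(timespec="seconds"), f"{decode_temperature(payload):.2f}"]


async def log_forever(address: str, char_uuid: str, csv_path: str) -> None:
    from bleak import BleakClient  # third-party (pip install bleak)

    with open(csv_path, "a", newline="") as fh:
        writer = csv.writer(fh)

        def on_notify(_sender, data: bytearray) -> None:
            try:
                writer.writerow(csv_row(bytes(data), datetime.now(timezone.utc)))
                fh.flush()  # keep the file current if the script is killed
            except ValueError as exc:
                print(f"skipped: {exc}")

        async with BleakClient(address) as client:
            await client.start_notify(char_uuid, on_notify)
            await asyncio.Event().wait()  # run until interrupted


if __name__ == "__main__":
    asyncio.run(log_forever(DEVICE_ADDRESS, TEMP_CHAR_UUID, "garage.csv"))
```

Because the characteristic has no pairing or encryption requirement, this works for any BLE central in radio range, not just the owner's; a device that needed to keep its readings private would have to require an encrypted, bonded link before allowing notifications.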