Yeah, but Bluetooth spec changed a lot over the years (3000+ pages) and the certification price is rather expensive.

There's an interesting article from Wired [1] about this, although some interesting comments from the engineers working on BT stacks are far more interesting. It seems like most of the manufacturers do not create spec-compliant devices, and that the tests from the certification are just poor.

I'd love to hear more from an expert on the topic, but this looks to be the consensus.

[1]: https://archive.ph/6201V

I think people are generally aware of how low quality the Bluetooth protocol suite is though so maybe they'd guess that extends to security too.

I definitely remember lots of folk security advice to keep bluetooth off on your phone back when smartphones were new (nobody does that now though, and Android auto-enables it these days).