Regular apps can't typically access the MAC address of the connected device. Additionally, with BLE (& Bluetooth 5?) the MAC address is required to rotate regularly as part of the spec (IIRC even while connected but certainly the broadcast address).
BLE has a privacy feature that enables MAC address rotation, but it isn't a requirement. Apple products and Android phones use the privacy feature, but other than that most products don't. The possibility of tracking someone via the MAC address of their Bluetooth devices is very real.
But you are correct that regular apps can't address the MAC address of connected Bluetooth devices, so the tracking vulnerability that OP is suggesting isn't really possible.
