Threat model is probably third party ad and tracking libraries that pay to get into apps. If I caught it, I'd expect it to be from an app to use a parking deck, a colorful desk lamp, an otoscope etc where the developers sold out years ago