Man, deep packet inspection is some crazy stuff.

Good implementation can identify the type of traffic within seconds with scarily good accuracy.

Quite a few countries actually implement this in their national ISP’s infrastructure to block VPNs, so the citizens can’t access non-approved websites.

It wouldn’t.

USA tried to keep the encryption all to itself in the past by classifying it as munitions, it didn’t work out.

And criminals don’t care if encryption is banned anyway.

The issue seems a bit misrepresented by the dev.

The mentioned section of the privacy policy is true only for the logged in users that have agreed to voluntarily share their data.

Without logging in they don’t even store a single cookie on my device.

There’s no reason an app should be more trustworthy than the email.
It’s pretty standard for scummy companies to make the process as annoying as possible.

They already said they don’t want to.

They asked you to install the app on purpose, in hopes that you’ll decide it’s too much hassle and decide not to delete the account.