Why isn't it hard to block access to the back-end services that the app communicates with? If it doesn't require back-end services, then why is it more resilient than an offline PWA?
I do not know what technique this app used, but in practice apps are more resilient. It has been shown by Telegram which more or less successfully evaded blocking in Russia. I think it's a combination of lower-level network API, traffic obfuscation libraries, push notifications, and hosting some info on public services which cannot be blocked without affecting too many people. But it is just a guess.
