App screenshot on the appstore shows a list of names associated with a rota, presumably crew member names scraped from the airlines' password-protected crew portal.
It's not especially surprising airlines don't want unauthorised third party apps accessing and storing personal data from their intranets, even if the third party developer is very ethical about not leaking it to people without passwords and makes beautiful UX
They don't have a right to scrape password protected personal data off an intranet, and AA also have the right to attempt to block an app or its scrapers regardless of whether the scraping is legal or not.
In this context blocking scrappers is probably legal for AA. However it might be illegal in other contexts, such as if there are any concerns around disability.
All the rulings here have enforced employers rights to their data. The google engineer using their login to scrape users private emails and then running it through a third party platform would be fired.
It's not especially surprising airlines don't want unauthorised third party apps accessing and storing personal data from their intranets, even if the third party developer is very ethical about not leaking it to people without passwords and makes beautiful UX