If you're sending the email address to a server (which is presumably needed to recover a password), I think this makes sense. Apple/Google has no way of knowing or verifying what the the server is doing with that data.
Absolutely, I meant that the app is not used to collect the email address since it is already in our system but it is true they have no way of knowing.