If Google had provided details of what the violation was, he might be able to tell us about that part. One of the big problems is that they don't.

I wonder if the GDPR covers this under the right of explanation (if it happens to someone in the EU), or was the decision made against a non-human app who has no rights to violate?

That strikes me more as the "100% literally correct" wording common of technical people, rather than the "just about honest enough that it's not fraudulent" wording that you seem to be suggesting. I think his app is genuinely not deceptive.