Because they don't have the informed consent* of the owner of the device wich ends up running the code?
* no, small print in a click-through agreement doesn't count.
It's not illegal to run code on a device without informed consent to everything the code does. The CFAA may be excessively broad but it isn't that broad.
I think they do actually. It's pretty clear from the consent screen that they're doing what they're doing.