> What even is a legitimate use case for an app starting a local web server?

There are apps on iOS that act as shared drives that you can attach via WebDAV. This requires listening on a port for inbound WebDAV (HTTP) requests.

I expose a LAN accessible status board from an app via HTTP. The app runs completely offline, thus I can't rely on something hosted on the public internet.

My last electron app did effectively the same thing. I took the hosted version of my app and bundled in electron for offline usage with the bundled app being just a normal web application started by electron.

Which begs the question why is this specific to Android? Why would Meta/Yandex not be doing this on iOS, or why did this study not report on iOS?

A long time ago I used it to work around an iOS limitation that prevented apps from simultaneously streaming audio and caching it. You could give the media player a URL for a remote stream, but you couldn’t read the same stream. The alternative was to get the stream yourself and implement your own media player. I didn’t want to write my own media player, so I requested the stream myself in order to cache it, plus fed it back to the OS media player via localhost http. Total hack, but it worked great. I wonder if they ever took that code out. It’s got hundreds of millions of installs at this point.