The architecture of the app didn't seem related to the "DDoS" attack they're describing. If it's only their setup file being downloaded, I imagine their backend isn't even touched, doubly so if they're using cloudflare for caching.