Why does BI app try to make connections to my server when remote and app isn't running?

Mike A.

With the VPN connected and the app running when I want to connect to my BI server remotely, that all works as expected.

But without the VPN or app running, I can see attempts to connect to the same port that I use for my BI server even when the app isn't running.

Sample from log file below (SRC=Source, my phone on T-Mobile, DST=Destination, server external IP, DPT=Destination port, BI server port)

Dec 30 19:55:30 netropy kernel: DROP IN=eth0 OUT= MAC=70:8b:cd:de:0e:98:f4:b5:2f:07:xx:xx:xx:xx SRC=172.58.189.xxx DST=xxx.xxx.xxx.xxx LEN=64 TOS=0x10 PREC=0x20 TTL=52 ID=0 DF PROTO=TCP SPT=30363 DPT=46171 SEQ=533561872 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (02040550010303060101080A41056BEE0000000004020000)
Dec 30 19:55:31 netropy kernel: DROP IN=eth0 OUT= MAC=70:8b:cd:de:0e:98:f4:b5:2f:07:xx:xx:xx:xx SRC=172.58.189.xxx DST=xxx.xxx.xxx.xxx LEN=64 TOS=0x10 PREC=0x20 TTL=52 ID=0 DF PROTO=TCP SPT=30363 DPT=46171 SEQ=533561872 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (02040550010303060101080A41056FD90000000004020000)
Dec 30 19:55:32 netropy kernel: DROP IN=eth0 OUT= MAC=70:8b:cd:de:0e:98:f4:b5:2f:07:xx:xx:xx:xx SRC=172.58.189.xxx DST=xxx.xxx.xxx.xxx LEN=64 TOS=0x10 PREC=0x20 TTL=52 ID=0 DF PROTO=TCP SPT=30363 DPT=46171 SEQ=533561872 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (02040550010303060101080A410573C60000000004020000)
Dec 30 19:55:33 netropy kernel: DROP IN=eth0 OUT= MAC=70:8b:cd:de:0e:98:f4:b5:2f:07:xx:xx:xx:xx SRC=172.58.189.xxx DST=xxx.xxx.xxx.xxx LEN=64 TOS=0x10 PREC=0x20 TTL=52 ID=0 DF PROTO=TCP SPT=30363 DPT=46171 SEQ=533561872 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (02040550010303060101080A410577B40000000004020000)
Dec 30 19:55:34 netropy kernel: DROP IN=eth0 OUT= MAC=70:8b:cd:de:0e:98:f4:b5:2f:07:xx:xx:xx:xx SRC=172.58.189.xxx DST=xxx.xxx.xxx.xxx LEN=64 TOS=0x10 PREC=0x20 TTL=52 ID=0 DF PROTO=TCP SPT=44223 DPT=46171 SEQ=533561872 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (02040550010303060101080A41057BA10000000004020000)
Dec 30 19:55:35 netropy kernel: DROP IN=eth0 OUT= MAC=70:8b:cd:de:0e:98:f4:b5:2f:07:xx:xx:xx:xx SRC=172.58.189.xxx DST=xxx.xxx.xxx.xxx LEN=64 TOS=0x10 PREC=0x20 TTL=52 ID=0 DF PROTO=TCP SPT=44223 DPT=46171 SEQ=533561872 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (02040550010303060101080A41057F8E0000000004020000)
Dec 30 19:55:37 netropy kernel: DROP IN=eth0 OUT= MAC=70:8b:cd:de:0e:98:f4:b5:2f:07:xx:xx:xx:xx SRC=172.58.189.xxx DST=xxx.xxx.xxx.xxx LEN=64 TOS=0x10 PREC=0x20 TTL=52 ID=0 DF PROTO=TCP SPT=44223 DPT=46171 SEQ=533561872 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (02040550010303060101080A410587630000000004020000)
Dec 30 19:55:41 netropy kernel: DROP IN=eth0 OUT= MAC=70:8b:cd:de:0e:98:f4:b5:2f:07:xx:xx:xx:xx SRC=172.58.189.xxx DST=xxx.xxx.xxx.xxx LEN=64 TOS=0x10 PREC=0x20 TTL=52 ID=0 DF PROTO=TCP SPT=22848 DPT=46171 SEQ=533561872 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (02040550010303060101080A410597090000000004020000)
Dec 30 19:55:49 netropy kernel: DROP IN=eth0 OUT= MAC=70:8b:cd:de:0e:98:f4:b5:2f:07:xx:xx:xx:xx SRC=172.58.189.xxx DST=xxx.xxx.xxx.xxx LEN=64 TOS=0x10 PREC=0x20 TTL=52 ID=0 DF PROTO=TCP SPT=30498 DPT=46171 SEQ=533561872 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (02040550010303060101080A4105B64E0000000004020000)
Seems odd to me that the app would be doing this in the background but I suppose there could be some reason for it.

Nothing else on my phone that would be trying. The connections are dropped as expected without the VPN running. I can replicate the same behavior by turning off WiFi, disabling OpenVPN, and then launching the app.

Not particularly concerning, just curious why it would be trying. I have alerts set up through another monitoring system to let me know when a connection attempt is made to my VPN so I see this fairly regularly. The app does have Background App Refresh permission so it can do such things and there's nothing being violated.
 
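Added example, not part of the original post: a Python sketch that parses kernel DROP lines in the format shown above, decodes the `OPT` bytes, and groups SYNs by sequence number so that retransmissions of one connection attempt can be told apart from separate attempts. The function names are this example's own, and the sample lines are abridged from the post's log (same times, ports, SEQ and option bytes).

```python
import re
from collections import defaultdict

# Sample input abridged from the post's log: only the fields read below are kept.
TEMPLATE = ("Dec 30 19:55:{} netropy kernel: DROP IN=eth0 SRC=172.58.189.xxx PROTO=TCP "
            "SPT={} DPT=46171 SEQ=533561872 SYN OPT (02040550010303060101080A{}0000000004020000)")
PACKETS = [(30, 30363, "41056BEE"), (31, 30363, "41056FD9"), (32, 30363, "410573C6"),
           (33, 30363, "410577B4"), (34, 44223, "41057BA1"), (35, 44223, "41057F8E"),
           (37, 44223, "41058763"), (41, 22848, "41059709"), (49, 30498, "4105B64E")]
SAMPLE = "\n".join(TEMPLATE.format(*p) for p in PACKETS)

LINE = re.compile(r"(\d\d):(\d\d):(\d\d) .*?SRC=(\S+) .*?SPT=(\d+) DPT=(\d+) "
                  r"SEQ=(\d+) .*?OPT \(([0-9A-Fa-f]+)\)")

def tcp_options(hexstr):
    """Decode the raw TCP option bytes the kernel LOG target prints after OPT."""
    raw, i, out = bytes.fromhex(hexstr), 0, {}
    while i + 1 < len(raw) and raw[i] != 0:   # kind 0 ends the option list
        if raw[i] == 1:                       # kind 1 is a one-byte NOP
            i += 1
            continue
        kind, length = raw[i], raw[i + 1]
        if length < 2:                        # malformed length, stop decoding
            break
        body = raw[i + 2:i + length]
        if kind == 2:
            out["mss"] = int.from_bytes(body, "big")
        elif kind == 3 and body:
            out["wscale"] = body[0]
        elif kind == 4:
            out["sack_permitted"] = True
        elif kind == 8:
            out["tsval"] = int.from_bytes(body[:4], "big")
        i += length
    return out

def syn_groups(log):
    """Group SYNs by (SRC, DPT, SEQ): a retransmitted SYN keeps its sequence number."""
    groups = defaultdict(list)
    for m in LINE.finditer(log):
        h, mi, s, src, spt, dpt, seq, opt = m.groups()
        when = int(h) * 3600 + int(mi) * 60 + int(s)
        groups[(src, int(dpt), int(seq))].append((when, int(spt), tcp_options(opt)))
    return [{"src": k[0], "dpt": k[1], "seq": k[2], "syns": len(v),
             "gaps_s": [b[0] - a[0] for a, b in zip(v, v[1:])],
             "tsval_span": v[-1][2].get("tsval", 0) - v[0][2].get("tsval", 0),
             "src_ports": sorted({p[1] for p in v}), "first_opts": v[0][2]}
            for k, v in groups.items()]
```

On the post's lines this returns a single group: nine SYNs sharing one sequence number, spaced 1, 1, 1, 1, 1, 2, 4 and 8 seconds apart and seen from four source ports, which is the shape of one connection attempt being retransmitted rather than nine separate attempts.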