Great writeup. I'm running an app that monitors social news sites like HN and sends the matching posts to the user. Most of my emails are marked as malicious, and my G Suite account was even blocked once.
It's easier to remember example.com than example.app, so it matters in contexts where someone has to remember an URL. Imagine nike.get - sounds like a scam. Big serious brands have a .com. And now you have the association: if you have a .com then you're a big serious brand.
> Or prepend "get" or append "app" to the name to obtain the dot com TLD.
This is bad advice - always check if the word is trademarked. I learned it the hard way - I was running mentionme.app and mention.com sent me a cease and desist letter, since they own the word "mention".
Similarly Facebook sent a cease and desist letter to openbook.social.
I'm running https://mentionme.app (I guess we're somewhat competing) and when talking with users I learned that there is a common misconception with Google Alerts. I don't think it works how people think it works. It will miss mentions on social news sites, it seems it's more of a trend measuring tool than an alerting tool. Just monitor and post a random string to reddit.com/r/test to see yourself.