Insist on quality legal counsel. ICO's do not have to violate the law (though many probably do). Competent counsel will be able to talk them through how to do this safely and explain the risks (which can include returning funds and criminal sanctions) if they try to take shortcuts. If you're not sure which firm to use, look at who sophisticated buyers are using (e.g., check SEC filings in their Edgar system and cross-ref with who's putting out literature on ICO's).
Depending on the location, if their app collects revenue or is sold in a local then it has a formal presence, and is subject to the laws of that jurisdiction.
I can NOT release an app that violates EU privacy laws in the EU and expect that it will be allowed to be sold after the issue is discovered.
In the case of crypto (what were talking about here) local laws would apply. If china holds tightly on to that ban, if south korea follows suit, and this feature is integrated, then they are defacto violating local laws and may be subject to local laws and sanction actions.
See my other comment here, but you would still be subject to local laws and regulations and that may limit or prohibit the sale of your app depending on your features and how they are integrated.
They absolutely will. If their company is going to be offering tokens in the US, or anywhere, they open themselves up to prosecution in those jurisdictions.