Mobile apps have the advantage of not being restricted to access on a single IP. So using their keys is often as simple as digging it out of the appropriate binary.
Android and iOS make it quite simple to grab the relevant APK or IPA packages as needed, then you just load that package into the appropriate decompiler or disassembler, look for strings first as often API keys are just left in as hardcoded strings.
It's not a recommended strategy if you want to be legitimate, but if you're going rogue anyways, may as well go all the way.
The bigger risk is that they'll come after you for using their trademark, but there's some PR risk to that too...