For non-malicious apps, generally speaking DoT is something you need to specifically enable, whereas certain major applications are working towards using DoH by default (or they already do [0]). DoH is also mixed with regular HTTPS traffic, so it is much harder to detect and act upon - so businesses need to spend more effort to counter it. As a bonus, most of the mitigations in use here also apply to DoT, so you are also getting it in the bargain...
