While the join request is not encrypted, the AppKEY is used to generate its cryptographic checksum.
Since the device is using an AppKEY unknown to TTN, the message looks like a valid join request to the network server part of the infrastructure, but won’t validate as a join against an application to the join server function.
Essentially at the first level:
“that looks like a join request”
and at the second
“well, that’s not MY join request”
It all comes back to the correctly identified issue of the AppKEY needing to be a shared secret.