Well in this case, wouldn't most people be using Google owned phones? Or if they bring their own device, have explicitly allowed Google/FB to manage their device through an enterprise system. That enterprise system for some reason shared a cert with an application _not_ used for enterprise, so the cert is banned.