On Android, one can sideload an app. Amazon has it's own app store. Chinese Android phones have their own. Android was initially designed with this kind of openness. In fact, Google didn't have an app store initially.
Now, there are pros and cons to these approach.
FB could be side loading Android apps all day long, doing who knows what, and there is not much Google can do about it.
Now, if they were a bit smarter, they could've used a shell company's throwaway certificates.
I cannot fathom why they would do something this shady using their own corporate certificates.
