I believe this is actually only true under very specific circumstances -- namely, enterprise certificates, which are used to distribute apps directly to employee devices, without going through the app store. If they decide to revoke a regular developer certificate, the apps already distributed through it are not affected in any way.
They can control which apps can and cannot run as long as those apps are intended for internal use by enterprises. That seems reasonable imo, given that these apps are also not subject to any approval process.
They can control which apps can and cannot run as long as those apps are intended for internal use by enterprises. That seems reasonable imo, given that these apps are also not subject to any approval process.