Didn’t that get hardened in response to the Onavo revelations? In particular, Facebook was using their developer certificate to sign spyware installed via MDM. I don’t remember it being a requirement from the beginning, even though China has tightly regulated VPNs for a long time.
Honestly I see no issue with facebook being allowed to do this. If someone pays me to install spyware on my desktop, nobody complains that we should remove the ability to run as root.
