Because it's fundamentally different and more secure.
Apple's model uses a public/private key pair: the private key never leaves your server and Apple doesn't know it. Apple only knows the public key, in the form of a cert. Apple actually writes about the trust model in the docs: https://developer.apple.com/library/ios/documentation/Networ....
Google's model uses a shared secret (the API key) that both the client and server know.
Having worked with both systems, I prefer the ease of the shared secret model, but each system uses a fundamentally different security model.
Just a guess but once you've completed the TLS negotiation the APNS server doesn't need to re-authenticate for the lifetime of the socket connection whereas with API keys the key would need to be verified with each notification (because a new connection would be created)?
There must be a worthwhile reason - the added complexity of certs is non-trivial [1]. Perhaps certs are deemed less easily transferable compared to API keys (simple strings)?
Apple's model uses a public/private key pair: the private key never leaves your server and Apple doesn't know it. Apple only knows the public key, in the form of a cert. Apple actually writes about the trust model in the docs: https://developer.apple.com/library/ios/documentation/Networ....
Google's model uses a shared secret (the API key) that both the client and server know.
Having worked with both systems, I prefer the ease of the shared secret model, but each system uses a fundamentally different security model.