Revocation is simple: Apple simply blacklists the certificate, and iOS devices will refuse to run the app. I'm not sure how reversal works, but it's likely that either Google was granted a new certificate to sign their apps with or Apple somehow has a way of "unblacklisting" certificates.
Unjailbroken iOS users, yes - certificates are signed by Apple. That said, it's pretty easy to get a developer certificate for yourself. You just have to a) own a Mac and b) agree to not use it externally (which is what both Facebook and Google failed to do), but nothing prevents there being e.g. a community of people running open-source apps that don't abide by the App Store restrictions, all compiling them on their own machines.
> agree to not use it externally (which is what both Facebook and Google failed to do)
It's important to note that the certificates that Facebook and Google had revoked were not developer certificates, they were enterprise certificates, which have significantly fewer restrictions when distributing outside of the App Store and hence have more rules attached to their use.
> but nothing prevents there being e.g. a community of people running open-source apps that don't abide by the App Store restrictions, all compiling them on their own machines.
My memory could be wrong on this, but I thought this is exactly what the Flux app did and Apple sent them a cease and desist for keeping the self-compile and self-sign instructions online.
In a sense, you're still right as long as the community stays small enough that it doesn't get the attention of Apple.
f.lux is not open source, and Apple told it to stop because it tried to distribute itself as an opaque binary rather than something that users could compile themselves.
I don't think this is accurate. The original announcement HN thread includes discussion of the source, which is linked and still online on GitHub:
https://news.ycombinator.com/item?id=10550427