That's not true. Apple issued a new root certificate using the latest OpenSSL standard. The apps that "expired" were using an out-of-date version. They technically shouldn't have worked in the first place, but Apple kept renewing the old SHA-1 certificate alongside the current one which allowed these apps to validate, despite using a cert that was obsolete since 2005.

Which is to say, that's exactly what Apple's scheme does, except in one crucial point where it does not, which malfunctioned and caused a bunch of havoc.

Why does a purchase receipt need to have an expiration date at all? It's stupid. This stuff should be once-and-done.