That's not true. Apple issued a new root certificate using the latest OpenSSL standard. The apps that "expired" were using an out-of-date version. They technically shouldn't have worked in the first place, but Apple kept renewing the old SHA-1 certificate alongside the current one which allowed these apps to validate, despite using a cert that was obsolete since 2005.