I don’t see the problem. As a corporation you sign an agreement to use an Enterprise certificate to distribute your app internally. The rules are very clear. FB broke those rules. If you don’t break the terms of the agreement you’re in the clear.
Imagine Microsoft would shut down every computer that is not licensed properly. Without any joke, dead people are the result. For that reason you talk first and then act accordingly. Killing a business partner’s internal applications is very drastic behavior.
What do you think would happen if you used your Azure, AWS, or GCP account to knowingly do DDoS attacks?
Or, more realistically, if you do pen testing on your own AWS resources without getting the approval of AWS and your entire organization is dependent on it? It is explicitly stated in your agreement with AWS that you can’t do that.