Do they have any information about enterprise apps? As I understand it, Apple never phones home with app info (such as the identifier, name, etc) when verifying or installing enterprise-signed apps, so the only thing they know is probably the IP address requesting to verify the enterprise-signed app and the frequency of how often Apple devices do this certificate verification.
Considering FB and Google have many employees in all different parts of the world, it wouldn't be too suspicious to see a good amount of diversity between GeoIP regions.
Correct me if i'm wrong about what info Apple collects about enterprise apps.
Anyway I wholehartedly agree with you here and I think Apple genuinely had no knowledge of this activity until news outlets reported on it. Or if they did, it did not make its way to the higher-ups that revoke developer certs.