They propose to install Firefox to work around the root certificate problem on old android devices. But can’t you just manually install their root certificate on most phones?
It probably looks a lot less sketchy to your users to tell them to install a browser they've probably heard of and may have used in the past than install a root certificate. Plus, that doesn't fix the problem of other certificates expiring, only extends it.
Interestingly, it appears to be back in 11. You are right it wasn't possible for some set of versions, not sure how far you have to go back for it to be possible again.
They appear to have added it back with a big warning screen similar to what they do for VPNs and stuff telling users it could compromise them, which is reasonable. It was a pain you couldn't before.
I see you've guessed why I'm on Android 7! The updater refuses to work if you have su.apk in your system directory. Can't simply ignore that file now, can we?