I think TheLoneWolfling was talking about Verizon or AT&T enabling this kind of "only trust this cert" with one of their own as an intermediary, effectively shutting out Apple and all the actual independent developers on that ecosystem in favor of "The AT&T App Store for your iPhone by AT&T" style closed gardens.

Ultimately, Apple holds the private key that signs every developer's certificate, and thus they have the capability of granting a certificate that is in every way compatible as another developer's certificate. There is no way to escape this scenario, that plagues SSL and TLS as well, without redesigning the asymmetrical certificate infrastructure from the ground up.