Sign-off approver rule that details the step for getting the app name from the certification

Here's one way:

List entities = certification.getEntities();
boolean found = false;
String application = null;
if (entities != null) {
  while (!found) {
   for (Object certEntityObj : entities) {
    CertificationEntity nextEntity = (CertificationEntity) certEntityObj;
    List items = nextEntity.getItems();
    if (items != null) {
     for (Object certItemObj : items) {
      CertificationItem item = (CertificationItem) certItemObj;
      if (item.getType().equals(CertificationItem.Type.Exception)) {
       // Has 'extra' entitlements.  Only way to reliably get application
       application = item.getEntitlements().get(0).getApplication();
       if (application != null && !application.equals("")) {
        found = true;
        break; // for items loop
       }
      }
     }
    }
    if (found) {
     break; // for entities loop
    }
   }
  }
}

and here's another method:

CertificationDefinition def = certification.getCertificationDefinition(context);
if (def != null) { // quite likely in older versions
Attributes attributes = def.getAttributes();
String includedApplications = attributes.getString("includedApplications");
// this can be an empty string, a single id, or multiple ids comma delimited.
// This rule assumes it's always a single id. It's left to the reader to implement
// null value and multi-value situations
Application app = context.getObjectById(Application.class, includedApplications);
}