Resolution
Here's one way:
 List entities = certification.getEntities();
 boolean found = false;
 String application = null;
 if (entities != null) {
 while (!found) {
  for (Object certEntityObj : entities) {
  CertificationEntity nextEntity = (CertificationEntity) certEntityObj;
  List items = nextEntity.getItems();
  if (items != null) {
   for (Object certItemObj : items) {
   CertificationItem item = (CertificationItem) certItemObj;
   if (item.getType().equals(CertificationItem.Type.Exception)) {
    // Has 'extra' entitlements.  Only way to reliably get application
    application = item.getEntitlements().get(0).getApplication();
    if (application != null && !application.equals("")) {
    found = true;
    break; // for items loop
    }
   }
   }
  }
  if (found) {
   break; // for entities loop
  }
  }
 }
 }
and here's another method:
CertificationDefinition def = certification.getCertificationDefinition(context);
if (def != null) { // quite likely in older versions
Attributes attributes = def.getAttributes();
String includedApplications = attributes.getString("includedApplications");
// this can be an empty string, a single id, or multiple ids comma delimited.
// This rule assumes it's always a single id. It's left to the reader to implement
// null value and multi-value situations
Application app = context.getObjectById(Application.class, includedApplications);
}