I think it's a little bit more complicated. There's a point where this becomes somewhat questionable. Say the toy has a reputable certification and the company, up until now, never had any track record of mistreating their customers. In this case I'd argue the company is responsible, not the parent, and that it is actually worthy following through to find whoever acted maliciously rather than just picking the last person in the chain.
Now in the particular case of ads in applications, I think there are surely many developers who fail to do their due diligence when picking advertisement partners, but without a doubt there are also advertisement companies who excel at duping the developers they work with.
If someone trades a product with a neighbor, are they liable since they sold it for a different form of currency? Or would this only be aimed at those who reach a certain level of trading/selling per year?
Now in the particular case of ads in applications, I think there are surely many developers who fail to do their due diligence when picking advertisement partners, but without a doubt there are also advertisement companies who excel at duping the developers they work with.