Yeah, the requirement for an identifiable entity in order to merge code is ass covering and nothing more. They want to know who the author is in case of copyright infringement. In that case they can say, "If you want to sue someone, sue them. They claimed that they were able to merge this code." There's no legal requirement to do this; it's just a good idea.
You can allow random people to merge code into your repository, but if there is a legal problem, expect people to knock on your door. As you say, in the case of the Android change, it's obvious that the commit is anonymous on purpose.
Which means you can't pass the responsibility along. Without someone else to point the finger at you will be left holding the bag if the anonymous committer committed stolen, copyrighted code.
You can allow random people to merge code into your repository, but if there is a legal problem, expect people to knock on your door. As you say, in the case of the Android change, it's obvious that the commit is anonymous on purpose.