This includes digitally signing the app installation package, which can be used to authenticate that software comes from a trusted source before it is installed. The digital signature on the app installation code must identify the entity responsible for the app. This demonstrates that the signature was generated by a trusted source, otherwise it is possible that an adversary created a malicious app that has the appearance and utility of an app in current use.