By default, all Android applications have no permission to access any protected resource that would have adverse effects on the system or on other applications.
It is not necessary that every application installed on an Android device be signed by the developer before being published.
If two applications are developed by the same developer, they can share each other's data if they have the same signature and the same android:sharedUserId flag set in their manifest files.
Releasing updates of an application into Google Play requires signing it with the same certificate, or else all the previous users will not be notified of the update and eventually are lost.
A digital certificate is an electronic ''passport'' that allows a person, computer or organization to exchange information securely over the Internet using the public key infrastructure (PKI).The message is encrypted with the Private key, and can only be decrypted with the Public key.