An app signature is basically a verification from the developer that the Google Play Store can run against it’s existing verification mechanism to confirm updates on app. An app will be updated only if the signatures match. The Janus vulnerability, which was recently discovered – allowed perpetrators to modify APKs without involving the app signature. Here’s the technical aspect of the Janus Vulnerability: This Janus vulnerability was reported to Google in late July and Google has finally issued a fix with the Android Security Patch dated 1st December.