If the signature does not match that tells you the app was tampered with, but the inverse is not true when your "adversary" controls the compiler, installer, and the operating system itself. Reflections on Trusting Trust (https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_Ref...) provides a good explanation as to why.