Cryptography - Why does it matter?

To make application binaries authentic, digital signatures are attached to prove their authenticity. Digital signatures can be understood easily if you understand the concept behind signing any legal document. A signature on a legal document indicates that reader has read the document, understood it and agreed to be bound by the terms and conditions of the agreement. If you have ever signed any legal document, you would also know that right beside a signature there is always a date stamp. I don't have to explain the importance of date stamp with signatures, so, I will explain digital signatures now.

Digital signatures on application binaries are created through cryptographic functions to associate the information about developer or organization who owns the rights for application and the time when application binaries were created.

This helps users of the application to understand the authenticity of the binaries, i.e.,

1. The origin of the application in terms of who signed the application binaries
2. Whether application binaries were changed since they were signed (applications fail to work if the underlying system detects that application binaries were changed somehow after they were signed)

Having above mentioned information handy, automated systems can make security decisions by themselves; Whether to flag some of the binaries which have been signed by entities which are not recognized by the organization, detect tempered binaries existing on the organization's infrastructure or detect binaries existing without being signed by any one at all; And this is a perfect case scenario for Code Injection attack, which can literally give full control of an application (which may represent a business unit) in the hands of an attacker.