As we've seen with the complaints re: AMP [0], Google is incredibly talented at building "it loads faster" features that are primarily a way to give them greater control over monetization in ways that are less than transparent. Requiring signing keys can be both of these things at once.

[0] https://searchengineland.com/google-throttled-amp-page-speed...

The real Google response would be - it's to facilitate a migration to new signing keys in case the developer:

1. Loses their signing keys

2. Needs to migrate to a better signing algorithm

Google can just handle that on your behalf. Additionally, there's no more need to care about signing keys at any point in the development pipeline. Rather than keep it secret, anyone with proper access to the Google developer console can sign and release apps

More cynically, what they're really guarding against is other app stores. It's MUCH harder to migrate an app from the Play Store to another store if the signatures don't match.

* Without a matching signature, the user can't pull their data from Google in the same way. They'd have to completely uninstall and reinstall the app, potentially losing data if the app isn't backed by a server.

* With a matching signature, the other app store should pick it up seamlessly.

Modifying apps without opt-in seems like a step further than they'd be able to pull off without massive backlash right now.