While searching for some info on Windows Store distributed Metro Apps I came across several things which suggested that a Metro App downloaded/updated from the Windows Store would be signed by Microsoft and developers don't need a certificate. In the App Developer Agreement I noticed that it says "You grant to Microsoft the worldwide right to... and sign the app (including by removing preexisting signatures) ... ". Remove pre-existing signatures? I figured Windows Store distributed Metro Apps would be signed by Microsoft, but I also figured that security minded developers would sign their Metro Apps as well. So I'm confused. How does one verify that the WidgetCo Metro App distributed via the Windows Store is exactly what was submitted to the store by WidgetCo? How does one verify that Microsoft isn't distributing a Metro App in the name of WidgetCo?