Code signing (or signing) an app allows the system to identify who signed the app and to verify that the app has not been modified since it was signed.
Signing is a requirement for uploading your app to App Store Connect and distributing it through TestFlight or the App Store. The operating system verifies the signature of apps downloaded from the App Store to ensure that apps with invalid signatures don’t run. An app’s executable code is protected by its signature because the signature becomes invalid if any of the executable code in the app bundle changes. A valid signature lets users trust that the app was signed by an Apple source and hasn’t been modified since it was signed.
Xcode uses your signing certificate to sign your app during the build process. The signing certificate consists of a public-private key pair and a certificate. The private key is used by cryptographic functions to generate the signature. The certificate is issued by Apple; it contains the public key and identifies you as the owner of the key pair. In order to sign apps, you must have both parts of your signing certificate and the Apple certificate authority in your keychain.
An app’s signature can be removed, and the app can be re-signed using another signing certificate. For example, Apple re-signs all apps sold on the App Store. Also, a fully tested development build of your app can be re-signed for submission to the App Store. Thus the signature is best understood not as proof of the app’s origin but as a verifiable mark placed by the signer.
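The mechanics described in the last three paragraphs (a private key producing the signature, a certificate carrying the public key that verifies it, the signature becoming invalid when executable bytes change, and re-signing with a different certificate) can be modelled end to end in a short program. The following is an added illustration written for this page, not Apple's code and not what `codesign` does internally: it uses Go's standard library with an Ed25519 key pair, a self-signed X.509 certificate standing in for the Apple-issued one, and a detached signature over a SHA-256 digest of constructed "executable" bytes in place of the signature that `codesign` embeds in a real bundle.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Bundle is a constructed stand-in for an app bundle: the executable bytes
// plus a detached signature over them.
type Bundle struct {
	Executable []byte
	Signature  []byte
}

// SigningIdentity plays the role of the "signing certificate" described above:
// a private key used for signing and a certificate carrying the public key.
type SigningIdentity struct {
	PrivateKey ed25519.PrivateKey
	CertDER    []byte
}

// NewSigningIdentity generates an Ed25519 key pair and wraps the public key in a
// self-signed X.509 certificate. Assumption: self-signed stands in for the
// Apple-issued certificate; in the real flow Apple's CA signs it.
func NewSigningIdentity(name string) (*SigningIdentity, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return &SigningIdentity{PrivateKey: priv, CertDER: der}, nil
}

// Sign hashes the executable bytes and signs the digest with the private key.
func (id *SigningIdentity) Sign(executable []byte) Bundle {
	digest := sha256.Sum256(executable)
	return Bundle{Executable: executable, Signature: ed25519.Sign(id.PrivateKey, digest[:])}
}

// Verify checks the bundle using only the public key taken from the certificate,
// which is all the operating system has. It returns the signer's name on success.
func Verify(certDER []byte, b Bundle) (string, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return "", err
	}
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	if !ok {
		return "", fmt.Errorf("certificate does not carry an Ed25519 key")
	}
	digest := sha256.Sum256(b.Executable)
	if !ed25519.Verify(pub, digest[:], b.Signature) {
		return "", fmt.Errorf("signature invalid: executable changed or signed by another key")
	}
	return cert.Subject.CommonName, nil
}

func main() {
	dev, _ := NewSigningIdentity("Example Developer") // constructed name
	bundle := dev.Sign([]byte("constructed executable bytes"))

	who, err := Verify(dev.CertDER, bundle)
	fmt.Println("untouched bundle:", who, err)

	// Flip one bit of the executable: the signature no longer matches.
	tampered := bundle
	tampered.Executable = append([]byte(nil), bundle.Executable...)
	tampered.Executable[0] ^= 0x01
	_, err = Verify(dev.CertDER, tampered)
	fmt.Println("modified bundle:", err)

	// Re-sign with a second identity, as the page describes Apple doing for the
	// App Store: the new signature verifies against the new certificate only.
	store, _ := NewSigningIdentity("Example Store") // constructed name
	resigned := store.Sign(bundle.Executable)
	who, err = Verify(store.CertDER, resigned)
	fmt.Println("re-signed bundle:", who, err)
	_, err = Verify(dev.CertDER, resigned)
	fmt.Println("re-signed bundle against original certificate:", err)
}
```

The point the last two checks make is the one the paragraph closes on: a valid signature tells the verifier which certificate's key produced it and that the bytes are unchanged since then, nothing more. After re-signing, the original developer's certificate no longer verifies the bundle, so provenance has to be established from the certificate chain, not from the signature alone.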