From the Android website:
Android requires that all apps be digitally signed with a certificate before they can be installed.
The signature ensures that only the original developer can publish an update for their app. It doesn't ensure that no faked app gets delivered to the user the first place. The developer can't monitor whether google delivers "real" versions of their apks or faked ones. So the end user has to trust google. Why not completely rely on google, and remove the signature? The developer authenticates themselves to google via their google account, and therefore every app is traceable to its developer. And the path from google to the play store app can be secured through https.