Oddbean new post about login | logout I mean verify before download. For example if someone upload a malicious apk not signed by the dev Obtainium will download and install it, right?
Not necesarily install it. Downloading and installing are seperate events. One is a retrieval of digital data from a different machine, installing is the act of setting up an application to be used on your device. A downloaded apk file is not usable as app: you need to install it, which means placing data on needed places in the system, so that the system knows how to handle them.