What does PackageInfo.signatures return?

Why there are multiple signatures in this value? Are these values the public key of the package?

Can I uniquely i开发者_StackOverflowdentify a package using this signature instead of reading the files under META-INF, or calculating an MD5 on the whole APK file?

According to @hackbod, this is all the public keys the APK was signed with

Despite its name, the contents of PackageInfo.signatures is the public keys your app is signed with. This absolutely, positively does not change between builds. This is the pure identify of the developer of the app.

Reference: https://groups.google.com/d/msg/android-developers/fPtdt6zDzns/MDqie6k7qo0J