Working with Security Metadata in APK file

According to this Blog post , Google has added a Security Metadata on top of an APK to verify that it was originally distributed by Google Play. More specifically it adds APK Signing Block to the APK file. I have some questions regarding this: (1) How did Google insert this the metadata into APK signing block of the APK and how it verifies that metadata on the phone (technically)? I guess it is possible to create custom content in this signing block? Let's say I want to distribute some APK privately in my company, when the user installs that APK then I can figure out if the APK belongs to our company or not, just like Google did with their apps in Play Store. (2) If all developers use App Signing by Google Play , then does the mentioned security metadata above become unnecessary? Because Google can just simply verify the certificate inside each APK instead. My apologies for the shallow understanding. Any comments are highly appreciated!