APK signature verified but warns file "not protected by signature"?

11 votes
1 answer
7879 views
I'm using apksigner to verify the authenticity of a Google Podcast apk that I downloaded from an apk mirror. This apk (and older versions) verifies successfully (v1/v2/v3) and returns exit code 0 but in the output I see this warning:

**WARNING: META-INF/services/com.google.protobuf.GeneratedExtensionRegistryLoader not protected by signature. Unauthorized modifications to this JAR entry will not be detected. Delete or move the entry outside of META-INF/.**

I do not understand what the impact of that is. If the APK is signed, and verified, why do I see this warning? Does it mean the APK could be trojaned or modified? How could an attacker exploit that?

I am downloading some older versions of some Google apps and I want to be sure they aren't trojaned, which is why I'm trying to verify the authenticity before I install them on my phone.
Asked by newguy (267 rep)
Nov 1, 2020, 06:12 AM
Last activity: Oct 4, 2022, 01:39 PM