A public key certificate, also called an electronic or identity certificate, contains a public key consisting of a public / private key pair, as well as other metadata (such as name and location) that identify the owner of the key. The certificate owner also owns the corresponding private key.
When you sign the APK, the signing tool attaches a public key certificate to the APK. The same is true if you signed the app bundle. A public key certificate acts as “fingerprint” that uniquely associates an APK or app bundle with the owner and the corresponding private key. This will allow Android to verify that subsequent app updates are genuine and have been released by the original author. The key used to create this certificate is called the app signing key.
A keystore is a binary file that contains one or more private keys. In order to allow users to install new versions as app updates, all apps must use the same certificate throughout the usage period.