I know that there are issues with using Aptoide to install apps on Android. There's a pretty good discussion about this in this other question. If only regarding legal issues, Aptoide is definitely a gray area as some apps are not legally distributed there, clearly bypassing fees set up on the Google Play Store or breaking licensing terms. Furthermore, there are concerns that malware can be injected in apps shipped on Aptoide, although they make efforts to scan apps for such problems.
I wonder, however, if upgrading apps has the same issues as installing fresh new apps. Say I have an old APK from an app I paid for on the Google Play Store, then lost access to my store credentials (lost the phone!) but I still have the APK of the application lying around. So I installed that old version of the app and want to upgrade, but without buying the app again.
I understand (but may be mistaken) that Android has some sort of TOFU security model for apps: if you have installed an app, there is a public key that signed the APK and Android will not allow updates to the app if that key changes. Therefore, if I update an app using Aptoide, that signature will be checked and I can actually be (cryptographically) sure that the app update actually comes from the original author and hasn't been tampered with by Aptoide or the repository manager.
Is that a fair assumption?
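The same-signer check the question describes, written out as an added example (not code from the question or from Android/Aptoide): it pulls the signing certificate out of an APK's v2 signing block, hashes it, and compares the installed APK against the update the way the package manager does before allowing the upgrade. It assumes both APKs carry an APK Signature Scheme v2 block (an old v1-only APK hits the first error path); the `build_fixture_apk` helper and the certificate bytes fed to it are constructed test data, not real signed packages, and the parser does not verify the signature itself, only which certificate it names.

```python
import hashlib, io, struct, zipfile

V2_BLOCK_ID = 0x7109871A              # APK Signature Scheme v2 pair ID
SIG_BLOCK_MAGIC = b"APK Sig Block 42"  # trailer of the APK Signing Block

def _lp(buf, pos=0):  # one uint32-length-prefixed field -> (field, next_pos)
    n = struct.unpack_from("<I", buf, pos)[0]
    return buf[pos + 4:pos + 4 + n], pos + 4 + n

def signer_cert_sha256(apk):
    """SHA-256 of the first signer's leaf certificate (DER) from the v2 signing block."""
    eocd = apk.rfind(b"PK\x05\x06")                       # end-of-central-directory record
    cd_off = struct.unpack_from("<I", apk, eocd + 16)[0]  # central directory offset
    if apk[cd_off - 16:cd_off] != SIG_BLOCK_MAGIC:
        raise ValueError("no APK Signing Block (unsigned or v1-only APK)")
    size = struct.unpack_from("<Q", apk, cd_off - 24)[0]  # size_of_block, excludes its own leading copy
    pos, end = cd_off - size, cd_off - 24                 # first ID-value pair .. trailing size field
    while pos < end:
        length, pair_id = struct.unpack_from("<QI", apk, pos)
        if pair_id == V2_BLOCK_ID:
            signers, _ = _lp(apk[pos + 12:pos + 8 + length])  # sequence of signers
            signer, _ = _lp(signers)                          # first signer
            signed_data, _ = _lp(signer)                      # digests | certificates | attributes
            certs, _ = _lp(signed_data, _lp(signed_data)[1])  # skip digests, take certificates
            cert, _ = _lp(certs)                              # leaf certificate, DER
            return hashlib.sha256(cert).hexdigest()
        pos += 8 + length
    raise ValueError("signing block carries no v2 signature")

def same_signer(installed_apk, update_apk):  # the package manager's rule for accepting an update
    return signer_cert_sha256(installed_apk) == signer_cert_sha256(update_apk)

def build_fixture_apk(cert_der):
    """Constructed fixture: one-entry zip plus a v2-shaped signing block that carries only cert_der."""
    lp = lambda b: struct.pack("<I", len(b)) + b
    signed_data = lp(b"") + lp(lp(cert_der)) + lp(b"")  # empty digests, one cert, empty attributes
    signer = lp(signed_data) + lp(b"") + lp(b"")        # no signatures, no public key
    value = lp(lp(signer))
    pair = struct.pack("<QI", 4 + len(value), V2_BLOCK_ID) + value
    size = struct.pack("<Q", len(pair) + 24)            # appears before and after the pairs
    block = size + pair + size + SIG_BLOCK_MAGIC
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"not a real dex")
    data = buf.getvalue()
    eocd = data.rfind(b"PK\x05\x06")
    cd_off = struct.unpack_from("<I", data, eocd + 16)[0]
    out = bytearray(data[:cd_off] + block + data[cd_off:])
    struct.pack_into("<I", out, eocd + len(block) + 16, cd_off + len(block))  # CD moved forward
    return bytes(out)
```

On a real APK pair, `apksigner verify --print-certs` prints the same certificate digest this script computes, so the fingerprints can be compared without installing anything.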