I understand it as being your public key is not necessarily secret but it is just one more way to help keep someone from easily replacing your key with their own key. It mainly keeps the key obfuscated while it is in memory making it harder to pull out.
Say your app uses this to download extra content. If the user replaces your public with one that they know the private key for, they could produce purchase receipts without ever contacting the server and your app will think they are real.
The best way to avoid this is to do the verification on your own server where they can't get at the code. If the server verifies it, then it downloads.
No matter what you do, its a fact that your app can be hacked if they want to spend the time doing it. Even after all the key checks are made it can be a matter of flipping one bit to change the result of a key check. The object is to give them one more hurdle to overcome.