A hacked fdroid server could "replay" old index.jar files known to have
apps with vulnerabilities in it.  That provides a long window of time for
exploiting that vulnerability.  By checking that the timestamp of an update
is never older than the current index, this attack is prevented.