How it works?

Whenever someone wants to download an APK file from apk-dl.com, we’ll check the corresponding APK file on Google Play and allow user download it directly (of course, we’ll cache it on our server).
Why apk-dl.com is 100% safe?

The security of APK has been taken as a very serious problem for us. That’s why we will make sure that any APK is from its official manufacture. We use “Certificate Fingerprint” to check who published the APK file. After extracted one string from APK file as the identification of APK certificate (using SHA1 algorithm), we’ll compare this identification with the one existed in Google Play. If they are identical, we‘ll consider this APK is safe. Otherwise, it’s not.

We’ll download APK files directly from google play, So it’s not possible to download “unsafe” APK from apk-dl.com.
Why using SHA1 to check the identification of certificate is safe?

Please refer to the following authoritative information to check the reason.
References

1.Wiki:Android application package

2.Signing Your Applications

3.Application Signature Verification: How It Works

4.Understanding Signing and Verification

5.X.509 Certificates and Certificate Revocation Lists (CRLs)