Android custom permission vs app signature

Question

I have gone through the available documentation and SO posts on both these topics (custom permissions and app signature), my understanding is:

1. Apps signed with same key can use signature-level permissions
2. A custom permission should only be defined in one place and the app declaring the permission needs to be installed first
3. A custom permission can be defined in multiple apps if the apps share same signature

Now I need to define some components in one app that I will be using in another app signed with the same key, but according to this I don't need to define a custom permission and can place a signature check

If the functionality is only available to apps signed with the same signature as the providing app, you may be able to avoid defining custom permissions by using signature checks. When one of your apps makes a request of another of your apps, the second app can verify that both apps are signed with the same certificate before complying with the request.

I don't understand what is meant by signature checks, is there a way to place a check in manifest on that component or do I have to check it programmatically? If latter, isn't it better to define a custom permission in both apps instead (to negate installation order issue)?