Had to work hard on that one, stand on a standard, but… Ok, ok, the AppxUpload does stand on a standard. Really.
The standard is the OPC standard and I guess that the Phone file as well as the Windows 8 store files are both based on this, although it is difficult to trace these file formats back to the OPC outside of just someone saying in one article and posting this link as proof (but it is only about the Office formats):
The more comprehensive article is here, but seems to be off a little bit:<<I wrote this article seemed a little off, but I was incorrect, that statement was about a DirectX article I was reading at the time, so my apologies to the author of the article. In re-reading the article it is actually a good example for the C++/DirectX team to follow.
Exploring the AppxUpload file
First create a simple AppxUpload file, you must change the extension AppxUpload to zip and then unzip it. Then you will have an Appx file, change that extension to zip, unzip it and now you can view what is in the file.
For a simple construct2 file I had on my machine the appxupload file unzipped to reveal these files (Scroll down to see more discussion):
These are the description of the various files in the directory:
App code files and assets
Payload files are the code files and assets that you author when you create your Windows Store app.
App manifest file (AppxManifest.xml)
The app manifest declares the identity of the app, the app's capabilities, and info for deploying and updating. For more info about the app manifest file, see App package manifest.
App block map
App package’s block map file (AppxBlockMap.xml)
The block map file lists all the app files contained in the package along with associated cryptographic hash values that the operating system uses to validate file integrity and to optimize an update for the app. For more info about the block map file, see App package block map.
App package’s digital signature file (AppxSignature.p7x)
The app package signature ensures that the package and contents haven't been modified after they were signed. If the signing certificate validates to a Trusted Root Certification Authorities Certificate, the signature also identifies who signed the package. The signer of the package is typically the publisher or author of the app.