In addition to what others have mentioned about general inaccuracy in progress meters, once the file has been 100% received, your system kicks off a few processes to check if the file is safe. First, it will compute a signature (hash) of the file and send it to one or more public servers run by Google, Microsoft, etc. which check to see if the hash is a common one (a frequently downloaded file is more likely to be safe), or if it matches any known malware downloads. On desktop operating systems, your anti-virus software will also activate to analyze the file to look for any suspicious markers that could indicate malware. During these processes, the download is progress is locked at “100% downloaded (but still not finished)” so you can’t accidentally run any malware before it has passed all the tests.