Google Play Services effectively has superuser access to Android devices - it can uninstall or update Android apps, access app data, change system settings, etc. (The only way around this is to sandbox Google Play Services like GrapheneOS does, use an open source reimplementation like microG, or remove it entirely (but a lot of Android APIs, most of the ones that are Internet-based, are actually just Google Play Services APIs).

Originally this design was out of necessity (device manufacturers refusing to give devices OS updates to fix security issues), but it can also be used to do nefarious stuff like this. It’s also one of the main reasons Android is less secure than iOS (most Android vulnerabilities are in Google Play Services).

Entirely possible, i.e. by not allowing Google Play Protect to be toggled off anymore.