There's no way this is really about scammers. I have never heard of scammers pushing sideloaded apps upon their victims in order to carry out their scams.

Would welcome evidence to the contrary. Is this truly a threat model that's seen in the wild?

My gut says no because social engineering is about hijacking legitimate, first-party processes. Scammers attack login credentials, MFA flows, and use first-party apps to maintain access (think remote control software like TeamViewer). These apps come from the Play Store, not from meticulously curated collections like F-Droid, and not from somebody pressuring you to sideload an APK.

And if scammers decide to use sideloading as an attack vector -- then like all the other security gates that can be defeated via social engineering, I expect they will find an end-run around this one as well. Either on a technical basis, or by social-engineering users into bumbling past it and on to the next stage of the scam.

Build an idiot-proof system and society will build a better idiot. And yeah, the rest of us only wind up slightly annoyed, _for now_, until Google tightens their grip further on some other flimsy pretext.

No, it is not. This is moving the goalposts. The original issue is developer verification. No appreciable harm prevention can or will come from forcing devs to identify themselves.

That's because most fraud uses social tactics and LEGITIMATE tools/software.

Impinging on my property rights cannot and will not protect fraud victims.

It won't make a dent in scammers' revenue.