Hacker News

branon yesterday at 11:35 PM

There's no way this is really about scammers. I have never heard of scammers pushing sideloaded apps upon their victims in order to carry out their scams.

Would welcome evidence to the contrary. Is this truly a threat model that's seen in the wild?

My gut says no because social engineering is about hijacking legitimate, first-party processes. Scammers attack login credentials, MFA flows, and use first-party apps to maintain access (think remote control software like TeamViewer). These apps come from the Play Store, not from meticulously curated collections like F-Droid, and not from somebody pressuring you to sideload an APK.

And if scammers decide to use sideloading as an attack vector -- then like all the other security gates that can be defeated via social engineering, I expect they will find an end-run around this one as well. Either on a technical basis, or by social-engineering users into bumbling past it and on to the next stage of the scam.

Build an idiot-proof system and society will build a better idiot. And yeah, the rest of us only wind up slightly annoyed, _for now_, until Google tightens their grip further on some other flimsy pretext.


Replies

gruez today at 1:12 AM

>There's no way this is really about scammers. I have never heard of scammers pushing sideloaded apps upon their victims in order to carry out their scams.

I also never got targeted by pig butchering scams[1], and neither did my immediate friends/family, so I guess those must not exist either?

[1] https://en.wikipedia.org/wiki/Pig_butchering_scam
