To help combat the rise of sideloaded malware, Google Play will run a malware scanner during installation if it decides the app you're trying to load is interesting.
Google Play's malware system, called “Google Play Protect”, has always been able to scan sideloaded apps for malware, but used faster techniques like definition files (for comparison). All this was happening quietly in the background.
The new technique will delay the installation of your app by displaying a full-screen “scanning” interface while Google performs a deep scan of the app's code.
The Google blog post he says that it's "real-time code-level scanning to combat new malicious apps" and that Google Play Protect can "suggest a real-time app scan when installing apps that have never been scanned before to help identify pop-ups threats.”
Scanning will involve sending parts of the app to Google for analysis. Google states:
“The scan will extract important parts of the app and send them to Play Protect for code-level evaluation. Once the real-time analysis is complete, users will receive a result letting them know if the app looks safe to install or if the scan has found the app to be potentially harmful. This improvement will help better protect users from malicious polymorphic apps that use various methods, such as artificial intelligence, to modify themselves to avoid detection.”
Google is initially rolling out this feature in India – a country that has been at the top of the malware distribution charts, while saying that the new feature “will be rolled out to all regions in the coming months”.