To help combat the rise of sideloaded malware, Google Play will run a malware scanner during installation if it decides the app you're trying to load is interesting.
The Google Play malware system, called “Google Play Protect”, was always able to check sideloaded apps for malware, but used faster techniques like definition files (for comparison). All this was happening quietly in the background.
New technique it will delay the installation of your application since it will show a full “scanning” interface screens, while Google will perform a deep scan of the app's code.
The Google blog post he says that it's "real-time code-level scanning to combat new malicious apps" and that Google Play Protect can "suggest a real-time app scan when installing apps that have never been scanned before to help identify pop-ups threats.”
Scanning will involve sending parts of the app to Google for analysis. Google states:
“The scan will extract important parts of the app and send them to Play Protect for code-level evaluation. Once the real-time analysis is complete, users will receive a result letting them know if the app looks safe to install or if the scan has found the app to be potentially harmful. This improvement will help better protect users from malicious polymorphic applications that leverage various methods, such as artificial intelligence, so that they can be modified to avoid detection.”
Google is initially rolling out this feature in India – a country that has been at the top of the malware distribution charts, while saying that the new feature “will be rolled out to all regions in the coming months”.