If this can happen, is it possible that once mandatory developer verification comes into effect, all 3rd party apps will be uninstalled at first and require a re-install?
Concerning this specific case, NFCGate is a tool on which malware (family) titled NGate by ESET is based, thus likely causing a false positive.
Oh, and no bypass is available anymore (aside from disabling play protect):
I removed the network permission from the play store. Apps will still work if they arbitrarily require Google Play to be installed. The store itself can’t do shit.
GrapheneOS can remove Play Store network permissions. I’m not sure about others.
Some can be pretty limited in what they allow you.
Hmm, shouldn’t that be me?
For example, I tried Moto G54 5G, and it kept giving me full-screen update notifications, which would immediately re-appear when I exit it and closed it from recent apps.
Naturally, I tried to disable Moto updates, at least temporarily.
I returned the phone for a refund.