Let’s say a user decides to download an app from the Play Store, but the app contains code that is malicious or harmful. Users are protected by Google Play Protect, a security feature that scans apps for malware and other threats.
Then why was that app approved for distribution on the Play Store?
Because scanning an app once in the store is only part of the defence against modern attacks due to how they evolve after installation. Assuming that an app is safe because it’s passed the store check is disingenuous and leads to a false sense of security.
Apps may feature code that dynamically changes on your device and may not show that behaviour until a while later. That’s why Play Protect scans for malicious apps and may further block an app from functioning if it detects suspicious activity.
I think Google just says that to scare people away from FOSS.