Yes. As of September 2024, Google Play Protect no longer sends sideloaded applications for cloud scanning on enterprise-managed devices.
Previously, when an app was installed outside of Google Play or managed Google Play (including apps pushed by an EMM's own installer), Play Protect would prompt the user to send the app to Google for scanning. This was an additional layer of protection beyond on-device detection.
Google removed this behaviour on managed devices in response to enterprise feedback. Organisations raised concerns about private, internally developed applications being uploaded to Google's servers for analysis - a data handling concern for security-conscious environments.
Partially. On-device Play Protect detection continues to function. Known malicious applications will still be flagged and may be removed regardless of how they were installed. What has changed is that unknown apps (those not in Google's database) are no longer sent for cloud-based analysis on managed devices.
For most enterprise deployments where apps are distributed through managed Google Play or a trusted internal pipeline, this change has minimal practical impact. Organisations that rely heavily on sideloaded apps from less controlled sources should consider additional endpoint security measures.
No. On personal (unmanaged) devices, Play Protect continues to offer the cloud scanning prompt for sideloaded apps as before.
Sources: