Any device with Google services installed has all apps scanned at least once per day.

>Real-time protections for non-Play installs Google Play Protect offers protection for apps that are installed from sources outside of Google Play. When a user tries to install an app, Play Protect conducts a real-time check of the app against known harmful or malicious samples that Google Play Protect has cataloged.

https://developers.google.com/android/play-protect/client-pr...

They will also go further for apks with novel signatures - take a copy, upload it to google to decompile and scan, and then if you have their express permission, allow you to install it.

99% sure Google would still know the app was run associated with other identifiers, but probably won't be turned over with the list of users downloading from the Play Store.

For sure. Another demonstration of why "side loading" software is better.

That's why F-Droid eventually won't work on new Android phones.