In December last year we announced that we would be making updates to app security to help verify product authenticity from Google Play. We are now adding a small amount of security metadata on top of APKs to verify that the APK was distributed by Google Play.
https://android-developers.googleblog.com/2018/06/google-play-security-metadata-and.html
Next step will be restricting any installation without this signing data. I expect this to happen within one year.
Of course, at first it'll be soft and will be declared that only new application for new OS version will require it.
It looks like you're new here. If you want to get involved, click one of these buttons!