Looking at AOSP, the logic that allows something like Play Protect to work is at [1]. It looks for system apps that can handle the ACTION_PACKAGE_NEEDS_VERIFICATION intent, which is the Play Store app in this case. Looking at the Play Store's AndroidManifest.xml, the PackageVerificationReceiver component is what listens for that intent.
With root access, it should be possible to disable just that component without breaking other functionality by running:
With root access, it should be possible to disable just that component without breaking other functionality by running:
To reenable: Without root access, disabling the Play Store completely (if you don't need it) via the normal Android settings should also do the trick.[1] https://android.googlesource.com/platform/frameworks/base/+/...