As many others here has already mentioned, this sort of thing really does still happen (and happens regularly in my country (Vietnam)). To be honest, I was a bit surprised by this question; is fraud really not a common occurrence where you live?

There is an even worse consequence. If the “advanced flow” is managed by Google Play Services, under the current mechanism, scammers can simply tell their victims to disable Google Play Services. Consequently, Google could block the ability to disable their proprietary blobs under the pretext of “protecting users”.

“Sideloading” is obviously a ridiculous term made by Google. Is there anything called like this on Windows?

No. I was fortunate enough to be able to flash GrapheneOS on a Google Pixel. You should know that you can debloat stock using something like Universal Android Debloater Next Generation. That provides more privacy without compromise to much of the security. Rooting gives you full control but is a major security regression because you have full control.

Yeah, I do use Canta for bloatware removal, but there are some bloatware and system apps I can’t remove.

The uncertain amount of privacy I can have with it, and my desire of bypassing Play Integrity and Google Play license check too, are why rooting is one of the options I’m considering.