[Zak]

That wipes all the data on the device and requires logging back in to accounts. It seems to me that's high enough friction to resist most coercion.

[silver_sun]

Isn't app data, photos etc. usually synced with the Google account? Besides, Google claims that the scammers are using social engineering to create a feeling of panic and urgency, so I think the victim would be willing to reset and log in to the accounts again in such a frame of mind.

[Zak]

Some is, some is optional, some isn't.

I'm sure there's a hypothetical scenario where someone successfully runs a scam that way, but there's also a hypothetical scenario where a 24 hour wait doesn't succeed at interrupting the scam.

[silver_sun]

The perfect is the enemy of the good.

[deaux]

Which applies just the same to the hypothetical option during initial device setup.

[silver_sun]

I don't think it does because of the workaround I mentioned upthread.

[Zak]

The victim also can't be on the phone with the scammer using that device during the setup process. We're talking about a very high-friction scenario.