Do usual dev.mod.shut…

1. You then have to confirm that you aren’t being coached/guided/instructed by a bad actor to turn off the security measures.

2. This is followed by a device restart and re-authentication that “cuts off any remote access or active phone calls a scammer might be using to watch what you’re doing.”

3. A required “Security wait” takes one day to “confirm that this is really you who’s making this change with our biometric authentication (fingerprint or face unlock) or device PIN.” This is a one-time wait.

4. Afterwards, you can install apps from unverified developers indefinitely, while there’s also a 7-day “Turn on temporarily” option.

I don’t think the wait is necessary. If someone were to continue being scammed after a reboot, they’d continue to be scamme tomorrow. An additional education piece after the reboot would be more effective.