Hacker News

Barbing yesterday at 2:34 AM

>big scary message

Open question:

Any idea on making it so difficult that grandma isn't even able to follow a phisher’s instructions over the phone but yet nearly trivial for anyone who knows what they’re doing?


Replies

AnthonyMouse yesterday at 2:43 AM

Sure. You ship the device in open mode, and then doing it is easy. The device supports closed mode (i.e. whatever the currently configured package installation sources are, you can no longer add more), and if you put the device in closed mode, getting it back out requires attaching a debugger to the USB port, a big scary message and confirmation on the phone screen itself, and a full device wipe.

Then you put grandma's device in closed mode and explicitly tell her never to do the scary thing that takes it back out again and call you immediately if anyone asks her to. Or, for someone who is not competent to follow that simple instruction (e.g. small children or senile adults), you make the factory reset require a password and then don't give it to them.

XorNot yesterday at 2:37 AM

Fix the phone system so calls must positively identify themselves.

There is no reason anyone purporting to be from a business or the government should be able to place a call without cryptographically proving their identity.

immibis yesterday at 2:38 AM

Stop gatekeeping actually useful apps. Nobody should ever need to see the message to do anything they actually want to do, otherwise it leads to normalization of deviance.

False positives from PC virus scanners are very rare.
