Methods often involve tricking the setup wizard into opening the device settings or a web browser to disable critical security services.