OxygenOS before version 4.0.2 has two hidden fastboot
fastboot oem 4F500301/2
which allow the attacker to effectively lock/unlock the bootloader, disregarding
OEM Unlocking checkbox, without user confirmation and without a factory reset. This allows for persistent code execution
with high privileges (kernel/root) with complete access to user data.