Maybe 10-20%, generously. The people who are falling for it under current protections clearly are not reading anything they're looking at or thinking about security at all, they've fallen for social engineering scams and sincerely believe they're at imminent risk of being arrested by the FBI or that their adult child is about to be killed. They're in fight or flight mode already, not critical thinking and careful deliberation mode.
If you were to rank everyone by gullibility, these people would largely be clustered in the top 1-2% of most gullible people. There is very little you can do to protect these people, realistically.
That actually sounds like an argument is favor of this restriction. If someone is in a position of deep trust with the scammer then waiting a day is nothing. But if they're in a panic, not thinking things through or calling anyone for advice, that state probably won't last 24 hours.
What I would challenge you to consider is this: where do we draw the "good enough" line, where we finally stop sacrificing freedom over the devices we purchased under terms that originally included freedom, control, and ownership at the altar of protecting the vulnerable?
Do scam victims need to be 0.1% of all Android users? 0.01%? 0.0001%? Should this extend to computers too - should local admin become completely unavailable to all Windows users? Should root become unavailable to all Mac users? To all Linux users? Should you be allowed to own technology at all, or merely rent it as a managed service, to protect those who cannot be trusted to own devices without getting scammed?
