> Here is a recent report of widespread advanced malware looking to see if a device is rooted

Okay? I do actually think that should be blocked (good root is invisible), but I'm not seeing a problem.

> Here is a report of malware using root

To quote the article:

> In addition to collecting the messages using the Accessibility Services, if root access is available, the spyware steals the WhatsApp database files by copying them from WhatsApp’s private storage.

Note that it already uses a11y features to do the same thing regardless, but also this is another case of conveniently skipping all the important details. Seriously - "if root access is available, the spyware steals" - how did it get root access? If the "vulnerability" is that the malware asks the user for root access and the user gives it, that is not a vulnerability. A system where malware needs permission to do bad things is perfectly fine.