In the given scenario though it's less likely such a user would be using a rooted or replacement OS. It's an involved process to do this in the first place.

Ie: the much larger percent of users affected by this news would already be more technically savvy and one would assume be less susceptible to known scams.

To your parent point though, sideloading apps per se OTOH is something most Android installs can do without rooting or a replacement OS. Google is already rolling out developer verification requirements for sideloaded apps on GMS Android installs (most devices) to mitigate impact of malicious apps, so there is already action being taken for regular users.

One could imagine other reasons Vietnam may want to dissuade more tech savvy users from running AOSP-based installs (such as GrapheneOS, which is known to be robust against Cellebrite) and using banking is a decent place to start.