Sorry but "rooted" does not mean you automatically give root access to every app. You can still decide which app can have root access, which not. In the above case, he only installs banking and finance apps (without root access) and no more, not even use the device to browse the Internet. I fail to see how dangerous it is simply because the device is rooted. I'm not talking about which should be responsible. Rooted can be safe if the user knows clearly what he is doing. It is more dangerous if the user is reckless and does not have any sense of security. An unrooted device does not help to save his butts. The user is usually the weakest link in security. If this is the case, the bank should redesign its app. SafetyNet can be fooled, so do other root detection methods. A cyberthief would find a way to run the bank app in a rooted device anyway. What's more some bank/finance apps simply let them run, or only disable some features but not disallow running. It is beyond me they still let them run if it were so dangerous to allow an app to run in a rooted device.