The reason is very simple: They rely on Google SafetyNet (basically self-diagnosis). And that will immediately tell you off if it notices your device is rooted. And while you can have a lengthy discussion regarding whether this makes your phone less secure or not, this is another simple argument from Google’s POV: The device has obviously been tampered with, we don’t want to put any resources into covering this case. As far as we are concerned, you shouldn’t use our OS like this.
The banking apps I’ve tried don’t require SafetyNet, instead they use Android AOSP’s basicIntegrity. The latter doesn’t require certification by Google, but also checks whether the device is rooted and the bootloader is locked.
This means custom ROMs on most devices won’t pass basicIntegrity, as only Google Pixel, OnePlus and Fairphone allow for relocking the bootloader.
The reason is very simple: They rely on Google SafetyNet (basically self-diagnosis). And that will immediately tell you off if it notices your device is rooted. And while you can have a lengthy discussion regarding whether this makes your phone less secure or not, this is another simple argument from Google’s POV: The device has obviously been tampered with, we don’t want to put any resources into covering this case. As far as we are concerned, you shouldn’t use our OS like this.
So basically laziness.
The banking apps I’ve tried don’t require SafetyNet, instead they use Android AOSP’s basicIntegrity. The latter doesn’t require certification by Google, but also checks whether the device is rooted and the bootloader is locked. This means custom ROMs on most devices won’t pass basicIntegrity, as only Google Pixel, OnePlus and Fairphone allow for relocking the bootloader.