Be careful with this statement. The whole premise behind banks requiring non-rooted phones is "we can be sure that sandboxing works on the original ROMs—e.g., it will prevent malware from screenshotting our app, and we know that certain custom ROMs patch this snapshot-prohibition code out, thus deliberately breaking the sandbox that we rely upon".