Yeah, that root detection is the bane of my existence, beyond just RCS. Even entirely ignoring my phone having much stronger security than with the stock OS (and therefore rendering the whole “security” excuse to be complete BS), if I want to take on the risk of using an “insecure” device for payments or whatever then that's my choice to make and mine alone.

Your credit card probably has a policy where they take on the liability for fraud. At least in that case, you're not the one primarily taking on the risk for using an insecure device

The risk they'd allegedly take on by letting me use an “insecure” device is far lower than the risk already inherent in, say, the card having an RFID chip in it that anyone can silently scan from a distance unless I happen to have the foresight to buy and use a fancy RF-blocking wallet (that actually does block RF signals), or the card having all of the authenticating info¹ printed directly on it such that anyone who has access to it for the whole three seconds it takes to snap a photo of both sides can then use it to make purchases on quite literally every website that accepts credit cards.

Needless to say: letting me use an “insecure” device for tap-to-pay would considerably lower their risk compared to me not using a device at all and instead using a physical card — even, again, ignoring that my device is in all likelihood considerably more secure (and therefore exposing them to even less risk) than it was in its stock configuration.

----

¹ except for my ZIP code, which is easily guessable if you know roughly where I live — which I don't exactly keep particularly secret!

I use a rooted android phone with a custom ROM and I'm on your side. I was just pointing out that you wouldn't be taking on all the risk if your credit card provider assumes some liability for fraud.