I don't understand all the feelings of betrayal here, honestly. What Google is doing by securing their payments is for your benefit.
Sure, you could rootcloak the app, but how many other apps are on your device, and do you know what permissions each of them is granted? What specifically they are asking to access? The explanation of permissions is far too vague IMO. (Mr. Security Engineer, you wanted am idea, here you go. Elaborate on the permissions. Like why the Subway app wants access to take photos and video (there's not a need for this), or what contents
exactly is it reading, writing or deleting from my SD Card?)
Add to that the fact that rooting your devices has become a fad now so everyone "can haz kewl fones".
We have people rooting that don't even understand what it is, what it does, or how it works. Taking that into consideration and add in allowing Android Pay to function on a rooted device is a recipe for disaster.
You want a disclaimer? How about the one that is in almost every OP on this site?
Code:
[COLOR="Red"][B][I][U]WARNING: Flashing anything on your device is done at your own risk. There is no way myself or any other developer can guarantee that flashing this ROM or any other file will not brick your device or otherwise cause some other type of damage. This is just a standard warning. I am not responsible for anything that you do to your device.[/U][/I][/B][/COLOR]
You have accepted the terms of use from Google when you activated your device, those terms only offer any protection while using OEM firmware, by flashing any modification you have given up any rights/claims to Google services and products. While it's great that Google pays attention to this community and user base, we need to be mindful that we are a miniscule percentage of the overall and that the bottom line is that
Android is a business with
millions of users data in the mix.
The great thing about this platform is that you have choices. So what if Google is protecting themselves by not allowing rooted devices to use this API? There are other apps that will, or maybe, you could just use a damn card. I mean really, how much harder is it to pull out a card and swipe it?
Guess what I'm driving at here is that Google, as a company, is taking steps to protect you, sometimes even from yourselves. Could be worse, so if you're even able to root your device, count yourselves lucky because others aren't so fortunate.
JM2C anyway...