Adversaries may include functionality in malware that uninstalls the malicious application from the device. This can be achieved by:
Application vetting services could look for use of the accessibility service or features that typically require root access.
Attestation can detect rooted devices.
Security updates typically provide patches for vulnerabilities that enable device rooting.
Inform users that device rooting or granting unnecessary access to the accessibility service presents security risks that could be taken advantage of without their knowledge.