[userbinator]

That thought occurred to me too --- root the phone, patch the exploit, tell the user they now have full control, and don't do anything else malicious.

It's somewhat amusing to consider that giving the user full control of the device he/she owns may be regarded by some as malicious...

[TACIXAT]

The risk is if your payload is not perfect in all cases. Taken to the extreme, you brick a mission critical device and cost a life. This is why malware researchers don't write clean up code once they do C2 takeovers. If their cleanup command wrecks a medical device or some other ancient box still running XP, that's a lot of liability.

[Klathmon]

It's not quite as simple as "giving the user full control".

Doing so requires you to disable many checks and safeguards against other more prevalent kinds of attacks. Having an unlocked bootloader, unsigned OS, modified system partition, and putting all of the power of root behind one closed source binary...

[huxley]

I know many wouldn't see it as malicious (especially if it was done to someone else's device), but doing it without someone's knowledge or consent does seem to cross into that territory, especially if the user didn't understand or value the benefits.

[Gaelan]

If nothing else, you'd stop them from playing Pokémon Go.