Yea the argument stated works better for rooted environments than rootless environments or sideloading.

In a non-root scenario, you would need to specify a few permissions to give a keylogger that amount of access. I think that a big issue is people not understanding that there is a difference between a rooted device or root installed app, and a sideloaded application.

Just because you have a non-google device or a rooted device != you have a compromised device. Applications aren’t going to magically install running as root, every rom worth their salt keeps it a clear isolation between the layers, and some roms don’t even allow you to use the root environment after installing it.