Let me explain this slowly then as you seem not to understand security principles. Android has been designed by Google to run in a certain way. That includes every single permission. Changing how permissions work changes the security. It compromises security especially since Android has precise permissions.
Rooting doesn't necessarily change any permissions, in terms of file permissions or the user/privileges apps normally run under. The main difference is that it becomes possible for user-launched apps to run with root permissions, rather than only internal OS processes that the user can't control having this capability. Other than that, permissions don't need to change and generally don't. I'm all too aware of Android's fine-grained permissions and how badly things can break if they're tampered with. If the permission that can't change because it would break the security model is the authenticated user being able to run apps as root, then Android must already be designed as a walled-garden DRM jail cell rather than a general-purpose OS.
In terms of that capability alone breaking an app, that doesn't make sense. It's not something that would ever normally happen or could unintentionally interfere with a program's normal operation. An app has no more reason to stop working because it's possible for a user process to run with root privileges than it would because a user named "geoff" exists on the system. It may be possible to intentionally code an app to stop working in either of those scenarios, but it's not something that should ever naturally occur.
1) How is that remotely relevant to this discussion? As a manufacturer, Google must support hardware that shipped with Android . Google does not make Android PCs. 2) You do know Android for PC are emulators not from Google, right? As such why would you think that a manufacturer must support 3rd party software on 3rd party hardware.
1) My point was that hardware doesn't matter. Google Messenger and their RCS libraries are not dependent on specific hardware configurations. 2) There are Android distros compiled for x86, not just emulators.
Dear God, root access is not acceptable on desktops on Linux and BSD. How do you not understand that? The Windows model for too long was everyone has root access. Even Microsoft changed that starting with NT; that is why Vista was such a debacle as the core of Windows permissions changed and many subsystems and applications were not ready for it. Even if you build your own Linux machine, you should never run as root unless you absolutely need to do so. It seems you fail to grasp basic computer security concepts.
And yet we use root access every time we install or remove a system-wide package, update a bootloader, perform a low-level hardware operation etc. That's what I mean by desktops having root access, and that's the capability that's added when an Android device is rooted. Rooting an Android device brings it on par with a desktop OS in terms of root access. It doesn't mean you use it wantonly or constantly like pre-NT Windows did, just that it's possible and available to authenticated users. To make a desktop OS like Android, you'd have to remove any capability for the user to run anything as root - no root login, no sudo/gksudo/UAC prompts or even single-user mode from a bootloader - and partition all apps either into userspace or a user-inaccessible OS space. Then that desktop OS would not allow root access.
Replacing the existing software that the manufacturer has designed with the existing hardware does not compromise the security? If you don't understand this point, you will never understand because you fail to understand that if you don't trust the manufacturer that does not mean you should trust everyone else.
So does installing Debian on a PC that came with Windows compromise its security? If not, how does that differ from installing AOSP on a phone that came with an Android install from Google?