I doubt it (if McDonalds' saves credentials, it's likely some sort of token on their servers, rather than in plaintext on the app), but that wouldn't change anything, as I am okay with running an app which saves payment credentials, on my rooted phone.
Indeed, I'm okay with doing whatever I want, within standards of human decency, with my owned device and my owned bits therein. I don't see where McDonalds' desires factor into what I do with either.
Their technical capability of imposing control over how people use their own devices isn't self-justified, or justified at all.
Just saying that if they do, maybe not you, but someone will eventually go "I saved my cards into the McD app and got a surprise $LARGE_AMOUNT bill" because of their mobile platform not enforcing the isolation.
I doubt it (if McDonalds' saves credentials, it's likely some sort of token on their servers, rather than in plaintext on the app),
But even in that remote possibility, I think it's even less likely that many folks sophisticated enough to root their phone would ever have that complaint.
I'm happy to be proven wrong with a sufficient amount of such complaints about the McDonald's app.
