Re: "and assume root privilege"
Trusted rooting implementations require apps to be whitelisted or one time authorised before they can successfully call su.
Malware on a user rooted device will need to trick the user into authorising it or find an exploit to replace the existing su. Rooting a device is pretty safe unless you're easily tricked.