It should be pretty easy to get around this by using Magisk[0] systemless root, is it not? Magisk is able to pass Google's SafetyNet tamper detection API which IIRC is what Pokemon Go uses to detect root. Works for Android Pay at least, which also prevents use of the app on rooted devices.

[0]: http://forum.xda-developers.com/apps/magisk/official-magisk-...