Netflix is the first big name on Google Play to block Android devices that are rooted or have an unlocked bootloader from downloading its app. And it looks like it may not be the last, as now Google is officially giving all developers the option to do the same.
Developers on Google Play can enforce support exclusions based on a device's SafetyNet status, which is also what Netflix has used to restrict access. Out of the box, rooted devices or devices with an unlocked bootloader are supported, but developers have two options that they can choose to change that.
As Google explains in this support page, SafetyNet Exclusions, as the feature is officially referred to, enables developers to exclude devices that either "don't pass basic integrity" tests or "are uncertified by Google and don't pass basic integrity" tests. What do those options mean?
What you need to know about the first of the two aforementioned options is that it restricts access to devices that are rooted or have an unlocked bootloader. The second extends this restriction to devices that do not pass Android compatibility testing and do not feature proprietary apps that Google licensed.
Basically, if you get a device that does not come with the Google Play suite on it, like a Xiaomi smartphone that you purchased from a Chinese retailer, chances are it'll be seen as "uncertified" and you will not be able to download apps whose developers have chosen that more-restrictive option.
It is difficult to say how many devices would fall in this category, from the number of those that access Google Play, but users can find out if their device is uncertified by checking its "Device certification status" in the Settings menu of the Play Store app.