I've received a requirement from customer that if device is getting rooted after app has been used, then clear all cache and app db. Though we can handle once app started but is it possible to handling without opening our app? Suppose below is the case -
I've XYZ app installed and some persisted data & client db related to my app is stored in app cache. Now someone rooted the android device and try to fetch all stored db and persisted data.
Is it possible to prevent such case?
The best option is not saving anything you want to protect on the device - save it on your app server and send it to your app. App never write it to the device, just use it in its memory.
If you using a lot of data and you don't want to send it every time or it's too much to handle in memory, you can save it encrypted on the device and store the key in app server.
Note that both options are not fully protect your data, just make it more difficult to a malicious user to get it.