The biggest security concerns to apps on rooted devices are that:

1. Users can access your internal data directly
2. Other apps can access your app’s private data

The best you can do is:

1. Encrypt your data in a manner that makes it hard to reverse engineer. If someone is after your data, you should work on the assumption that they have decompiled your app as well. Due to this, do all encryption/decryption on the server, and don’t make your algorithms etc common knowledge
2. If you are supposed to store data on the device itself, make it obscure. So if you have to save an integer, don’t save the raw value. Use something like savedValue = ((((realValue*10)+1)/365*23)*50)+1; This makes it hard for a hacker to edit your saved value and get a desired result, though since he/she would have decompiled your apk, it’s a very basic protective measure.
3. Store as little high risk data as possible on the device. When needed, download it over a secure connection, display it and delete it even from the RAM. Also, keep confidential data in the memory for as little time as possible, as unencrypted data in the RAM can be read.
4. Make sure your encryption techniques aren’t easy to brute force. As other apps can also access your data on rooted devices, there is a chance your data could be sent to a remote server for decryption, and such a server will have a lot more processing power than your mobile phones

These are just some suggestions I could think of. I am by no means a security expert, and you might want to consult one of those on this matter.