I am developing an application in which I have to store very sensitive data and it should not come in contact with the user. I got to know from this source that if a device is rooted then accessing
There are different points to consider:
The data is safe here on the code level. It can only be accessed through the app (in a malicious or normal manner).
Same as above. Your data is safe. No difference in security level, it's just as safe or unsafe as it would be unencrypted.
The data can be accessed and manipulated by any app. But you have to consider that only a very small percentage (I guess under 1-2%, but there is no reliable data on the interweb) of devices are rooted, and if a user roots his device he/she deliberately leaves himself vulnerable. This is not an Android system setting; if you root, you are responsible for the consequences.
So you have the option to encrypt your data. There are ready solutions for this. But the problem is to keep the key secret. A hardcoded key in source code can easily be decompiled (even with a byte code obfuscator like Proguard). A per-app generated key has to be saved somewhere, and in the end on a rooted device, it can be accessed irrespective of the location (shared pref, sql, file). A server side per user key that is only saved in RAM is a little more secure, but degrades usability as you need to make a server request the first time the app is started or every time it's garbage collected. This may interfere with offline capability.
Aside from the last method, encrypting your shared preference hardly gives any real security enhancements.
Since April '14 Google has a malware scanner embedded in the Play Services on the device (also in the Play Store server side) that detects malicious apps, and its definition is frequently updated (at least every 6 weeks as is the release cycle of the Play Store app) and works with every Google Android 2.3+.
As a potential developer of a malicious app that reads your data I have to consider that my app only works on a small percentage of devices and then also only for a brief period, and my main distribution channel would be to make people download the apk and manually install the app and hopefully won't be recognized by the malware scanner immediately, which combined is a very unlikely scenario. This would make me inclined to use other means of intrusion which have a better effort-to-return ratio.
I guess that's the reason there are still only a few malicious apps for Android and no widespread "infection", at least that I know of (mid-2015).
I would rethink if your design fits your requirements. Usually you want to store the least sensitive data you can and only get it from the server if you need it and then only keep it in RAM as long as you need it. Data that is potentially very damaging therefore should not be saved persistently on the device (if possible). As we discussed, data on your Android phone cannot be secured in a way that satisfies every security requirement.
Aside from that, you also have to consider securing the data on the UI level, or otherwise anybody could just take your phone and access the nuclear bomb codes through the app.
Update: It is not entirely correct what I said about encrypted data. See whitebox crypto for a solution on how to encrypt data on vulnerable devices.
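
The server-side, RAM-only key option mentioned in the answer above, as an added example that is not part of the original answer: plain Java using the standard JCA classes, which are also available on Android. The class name `RamOnlyKeyVault` and the assumption that the key arrives in an authenticated server response are hypothetical; `main` uses a constructed random key in place of the server.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.util.Arrays;

/** Holds a server-issued per-user AES key in RAM only; the key is never written to disk. */
public final class RamOnlyKeyVault {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private final SecureRandom rng = new SecureRandom();
    private byte[] key; // null while locked
    /** keyFromServer: 32 bytes taken from the (assumed) authenticated server response. */
    public synchronized void unlock(byte[] keyFromServer) {
        if (keyFromServer.length != 32) throw new IllegalArgumentException("need a 256-bit key");
        key = keyFromServer.clone();
        Arrays.fill(keyFromServer, (byte) 0); // wipe the caller's copy
    }
    public synchronized void lock() { // call on logout or when the app is backgrounded
        if (key != null) { Arrays.fill(key, (byte) 0); key = null; }
    }
    /** Returns IV || ciphertext+tag; only this blob may be persisted (prefs, SQL, file). */
    public synchronized byte[] seal(byte[] plaintext) throws Exception {
        byte[] iv = new byte[IV_LEN];
        rng.nextBytes(iv); // fresh IV per message; GCM must never reuse an IV under one key
        byte[] ct = cipher(Cipher.ENCRYPT_MODE, iv).doFinal(plaintext);
        return ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
    }
    /** Throws AEADBadTagException if the stored blob was modified. */
    public synchronized byte[] open(byte[] blob) throws Exception {
        if (blob.length < IV_LEN + TAG_BITS / 8) throw new IllegalArgumentException("blob too short");
        return cipher(Cipher.DECRYPT_MODE, Arrays.copyOf(blob, IV_LEN))
                .doFinal(blob, IV_LEN, blob.length - IV_LEN);
    }
    private Cipher cipher(int mode, byte[] iv) throws Exception {
        if (key == null) throw new IllegalStateException("locked: re-fetch the key from the server");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, iv));
        return c;
    }
    public static void main(String[] args) throws Exception {
        byte[] k = new byte[32];
        new SecureRandom().nextBytes(k); // constructed stand-in for the server-issued key
        RamOnlyKeyVault vault = new RamOnlyKeyVault();
        vault.unlock(k);
        byte[] blob = vault.seal("constructed sample secret".getBytes("UTF-8"));
        System.out.println(new String(vault.open(blob), "UTF-8"));
        vault.lock(); // vault.open(blob) now throws IllegalStateException until unlock() is called again
    }
}
```

Zeroing the array is best effort: `SecretKeySpec` keeps its own copy of the key bytes until it is garbage collected, and on a rooted device process memory can still be read while the vault is unlocked.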