One attack that is difficult to protect against involves someone taking your application, decompiling it, changing it, and re-publishing it to the app stores. The attacker then tries to get users to install their modified version instead of your official one. A well-crafted app will still behave like the original, so the user has no idea they are using a version that has been tampered with.
Code signing and verification is a mechanism used to ensure that the code being executed has not been tampered with. When code is authored, a fingerprint is computed and that fingerprint is signed with a private key. At execution time, the same fingerprint is computed and the matching public key is used to verify that the signature matches. If the signature matches, the code can be executed; otherwise, the code is rejected with a security exception.
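The sign-then-verify flow described above, as an added Go example that is not code from the original page. SHA-256 as the fingerprint, Ed25519 as the signature scheme, every function name and the sample bundle are assumptions made for illustration; the example also covers a modified bundle re-signed with a key the verifier does not trust, which goes slightly beyond the text.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ErrTampered stands in for the "security exception" raised on a mismatch.
var ErrTampered = errors.New("security exception: signature does not match code")

// Fingerprint computes the SHA-256 digest of the code bundle.
func Fingerprint(code []byte) []byte {
	sum := sha256.Sum256(code)
	return sum[:]
}

// Sign is the authoring step: fingerprint the code, then sign the fingerprint.
func Sign(priv ed25519.PrivateKey, code []byte) []byte {
	return ed25519.Sign(priv, Fingerprint(code))
}

// Verify is the execution-time step: recompute the fingerprint and check the signature.
func Verify(pub ed25519.PublicKey, code, sig []byte) error {
	if !ed25519.Verify(pub, Fingerprint(code), sig) {
		return ErrTampered
	}
	return nil
}

// Demo checks the original bundle, a modified one, and a modified one re-signed with another key.
func Demo() (original, modified, resigned error) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	// Constructed key the verifier does not trust (all-zero seed, illustration only).
	otherPriv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	code := []byte("constructed sample bundle: pay(total)")
	changed := []byte("constructed sample bundle: pay(total * 2)")
	sig := Sign(priv, code)
	return Verify(pub, code, sig), Verify(pub, changed, sig), Verify(pub, changed, Sign(otherPriv, changed))
}

func main() {
	fmt.Println(Demo())
}
```

The third case is rejected only because the verifier checks against the publisher's public key; a verifier that accepts whatever key ships with the bundle would pass it.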
However, disabling apps on rooted phones is also a double-edged sword. Some people root their phones to install security patches, and in some cases rooted phones may actually be more secure than stock installs. If you are going to perform root detection, think about your target audience and whether this security measure actually makes sense for your app.