Does malicious Android app may access notes? (security)

I know that on Windows notes are saved in plain text in database.sqlite so if a malicious app gets in the system it will be able to get access to the Notes. What about Android?
Does on a non-rooted device a malicious app would be able to get access to Joplin notes (with synchronisaiton set to a remote storage provider). And if the device is rooted ?

Same on Android. On a non-rooted device it should be pretty hard (theoretically: impossible) for a malicious app to get access to the Joplin notes. On a rooted device, all bets are off.