The best you can do is attempt to detect the Xposed framework.

For example you could spot the device is rooted using SafetyNet Attestation API or try and detect the XposedBridge.jar. No doubt there are ways of getting around that too having Xposed installed. Ultimately you can never trust a users device.