I wrote myself a database that I use for passwords and the like. I get around this by masking text until I tap a button, and then waiting a random number of ticks before decrypting the value and progressively unmasking the text. It takes between ½ and two seconds. The problem I've yet to solve is hiding the text. Leaving it on-screen for, say 10 seconds before re-masking and encrypting is fine for now but sometimes that's not long enough.
The other thing it does is with a tap and waiting for the same random number of ticks is to copy the value to the clipboard so that I can paste it into a browser.
Android requires root privilege and/or system-level app to take screenshots. iOS is probably similar. I don't think an app could spy like this without user enabling it (which is a valid but separate concern about how knowledgeable the average rooter/jailbreaker is.)
Now we get into the solutions which require commercial action.
Talking to the Android chipset makers often presents a solution. Since they design the hardware, they have access to the framebuffer - and they often are able to provide libraries which entirely avoid the Android permissions model by simply accessing their custom kernel drivers directly.
If you're aiming at a specific phone model, this is often a good way forward. Of course, the odds are you'll need to cooperate with the phone maker as well as the silicon manufacturer.
Sometimes this can provide outstanding results. For example I have heard it's possible on some hardware to pipe the phone hardware framebuffer directly into the phone hardware H.264 video encoder, and retrieve a pre-encoded video stream of whatever is on the phone screen. Outstanding. (Unfortunately, I only know this is possible on TI OMAP chips, which are gradually withdrawing from the phone market3).
======
Probably not something an average crapware author can do, but certainly within reach of the NSA.
On iOS it's possible to capture the framebuffers of other apps via the IOSurface APIs with an app that's running in the background. These APIs are not documented well, but it's certainly possible.
By root, I meant that an app with root access could probably take screenshots, not that a root app is needed for the user to access the system's screenshot capability.
Once its on your phone, it can just screenshot things if nothing else.