The password or Private key stays on device, which could be hacked right??? so explain me how prone is this App against Zero day???
Also i have another question how to import local data from PC to Mobile devices ??? instant cross sync possible or not on multiple devices ???
Only if you decide to safe it. If not, the password is not stored on your device.
More ??? Please 
Cryptomator desktop does not connect to or sync with anything. It relies on the sync app of your storage provider. This app does the sync of encrypted vault files to your online storage.
The mobile apps connect directly to your online storage and open your vault online so you do not have to sync here.
More details: Cryptomator - Put a Lock on Your Cloud — Cryptomator 1.7.0 documentation
Deleting the master key by an attack is a severe threat since it enables an attacker to compromise data access; a hacker can see this as a ransomware opportunity, especially if you don’t have a recovery key or a master key backup. By the way, while creating a vault, I was not informed to make a recovery key or missed it. A better abroach would be to automatically generate a recovery and send it by an encrypted zip file to the user’s mailbox. The zip password must be the vault password.