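How does AndroBugs_Framework detect this?
Method: it reads the allowBackup attribute directly from the AndroidManifest file and checks whether it is true. (If the attribute is absent, Android defaults it to true.)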

    def is_adb_backup_enabled(self):
        """
            Return true if the APK can be backed up
            :rtype: boolean
        """
        adb_backup = self.get_element("application", "allowBackup")
        if adb_backup is None:
            # The attribute is not declared, so the default (True) applies.
            return True
        else:
            if adb_backup.lower() == 'true':
                return True
            else:
                return False

QARK:

    from qark.issue import Severity, Issue
    from qark.scanner.plugin import ManifestPlugin


    class ManifestBackupAllowed(ManifestPlugin):
        def __init__(self):
            super(ManifestBackupAllowed, self).__init__(category="manifest", name="Backup is allowed in manifest",
                                                        description=(
                                                            "Backups enabled: Potential for data theft via local attacks via adb "
                                                            "backup, if the device has USB debugging enabled (not common). "
                                                            "More info: "
                                                            "http://developer.android.com/reference/android/R.attr.html#allowBackup"))

            self.severity = Severity.WARNING

        def run(self):
            application_sections = self.manifest_xml.getElementsByTagName("application")

            for application in application_sections:
                # As written, this reports any <application> that declares
                # android:allowBackup; the attribute's value is not inspected.
                if "android:allowBackup" in application.attributes.keys():
                    self.issues.append(Issue(category=self.category, severity=self.severity,
                                             name=self.name, description=self.description,
                                             file_object=self.manifest_path))


    plugin = ManifestBackupAllowed()

Other frameworks and tools, such as 360显危镜, 腾讯金刚, and mafia, likewise determine the risk by checking the allowBackup attribute in the manifest.
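
The two checks above differ in what they inspect: one evaluates the attribute's value and applies the default when it is missing, the other only tests whether the attribute is declared. The following is an added example, not code from AndroBugs, QARK or any tool named here, that runs both styles over constructed manifests so the differences are visible. It assumes the manifest has already been decoded to text XML; the function names, sample manifests and the "unresolved" state for resource references are assumptions of this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ALLOW_BACKUP = "{%s}allowBackup" % ANDROID_NS
RISKY = ("true", "default-true")  # states in which backup is allowed


def _manifest(app_attrs):
    # Constructed sample manifest (not taken from a real app).
    return ('<manifest xmlns:android="%s" package="com.example.constructed">'
            '<application %s/></manifest>' % (ANDROID_NS, app_attrs))


SAMPLES = {
    "absent": _manifest('android:label="demo"'),
    "explicit_true": _manifest('android:allowBackup="true"'),
    "explicit_false": _manifest('android:allowBackup="false"'),
    "resource_ref": _manifest('android:allowBackup="@bool/backup"'),
}


def allow_backup_state(manifest_text):
    """Value-based check: evaluate the attribute and apply the default."""
    app = ET.fromstring(manifest_text).find("application")
    if app is None:
        return "no-application"
    value = app.get(ALLOW_BACKUP)
    if value is None:
        return "default-true"      # attribute absent: the default applies
    value = value.strip().lower()
    if value in ("true", "false"):
        return value
    return "unresolved"            # e.g. @bool/... needs the resource table


def presence_only(manifest_text):
    """Presence-based check: is the attribute declared at all?"""
    app = ET.fromstring(manifest_text).find("application")
    return app is not None and ALLOW_BACKUP in app.attrib


def compare():
    """Map sample name -> (state, flagged by value, flagged by presence)."""
    return {name: (allow_backup_state(text),
                   allow_backup_state(text) in RISKY,
                   presence_only(text))
            for name, text in SAMPLES.items()}


if __name__ == "__main__":
    for name, row in compare().items():
        print(name, row)
```

A presence-only check misses the manifest that omits the attribute and reports the one that sets it to false; a value that points at a resource has to be resolved before either verdict is reliable.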
