Description
We need a VRT category specific to android:allowBackup="true" since it is commonly reported but we don't have it defined. I am proposing that we add the below P5 category:
P5 Mobile Security Misconfiguration > Auto Backup Allowed by Default
Our reasoning for having this set to P5 has to do with the two attack vectors:
- One way to exploit this is using ADB in conjunction with direct physical access to a victim's unlocked device. The physical aspect of this alone makes this unlikely to happen commonly. Not to mention the other issues associated with a malicious individual having access to an unlocked device.
- The second way to exploit this is by compromising a user's Google Drive account. Similar to the first vector, this is very unlikely to happen.
Lastly, there could also be legitimate reasons for apps to have this feature enabled.