Documentation cleanup for allowBackup query

Author: egregius313

java/ql/lib/semmle/code/xml/AndroidManifest.qll

@@ -74,7 +74,7 @@ class AndroidApplicationXmlElement extends XmlElement {
   predicate requiresPermissions() { this.getAnAttribute().(AndroidPermissionXmlAttribute).isFull() }
 
   /**
-   * Holds if this application element enables the `android:allowBackup` attribute.
+   * Holds if this application element does not disable the `android:allowBackup` attribute.
    *
    * https://developer.android.com/guide/topics/data/autobackup
    */

java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql

@@ -1,6 +1,6 @@
 /**
  * @name Android allowBackup attribute enabled
- * @description
+ * @description Android manifests which do not disable the `android:allowBackup` attribute allow backups, which can store sensitive information.
  * @kind problem
  * @problem.severity recommendation
  * @security-severity 7.5
@@ -17,8 +17,11 @@ from AndroidApplicationXmlElement androidAppElem
 where
   not androidAppElem.getFile().(AndroidManifestXmlFile).isInBuildDirectory() and
   (
+    // explicitly sets android:allowBackup=true
     androidAppElem.allowsBackupExplicitly()
     or
+    // Manifest providing the main intent for an application, and does not explicitly
+    // disallow the allowBackup attribute
     androidAppElem.providesMainIntent() and
     androidAppElem.allowsBackup()
   )