Nice idea to check usesCleartextTraffic, but that particular check isn't worth much since, as the docs say:
> This flag is ignored on Android 7.0 (API level 24) and above if an Android Network Security Config is present.
Sounds like the IzzyOnDroid scanner would not catch android:usesCleartextTraffic="false" then in the Network Security Policy, sets <base-config cleartextTrafficPermitted="true" />. From what I've seen, most apps use Network Security Policy anyway.