Android security risks

We are using the managed workflow at my company and we had a pen test recently. There were some security issues that have been raised. I have managed to fix some of them, but there were some remaining ones. I would like to know if it possible to act on them without ejecting. The issues are the following:

  • No SSL pining.
  • Clear text traffic is Enabled For App [android:usesCleartextTraffic=true]
  • Application Data can be Backed up [android:allowBackup=true]
  • Build can be installed and execute on jailbroken devices