
Wasn't Apple's "goto fail" bug a partial backdoor into iOS? Considering how long it took for it to be discovered, is it really so improbable that there are similar, or more serious, backdoors in other software, even if open source?



"goto fail" certainly could be used as a way of subverting iOS security but it provided indiscriminate access in a way that seems more like a vulnerability caused by a bug.

Maybe some actor did add the goto fail for nefarious reasons, but it can quite easily be explained by a merge error.

It's not easy to explain this particular backdoor as anything but a backdoor. From the article:

"The binary responsible for the firmware OTA update operations also includes code to hide its presence from the Android OS, along with two other binaries and their processes. A developer looking at active Android processes won't be able to tell when there's an update coming to his phone."



