"goto fail" certainly could be used as a way of subverting iOS security but it provided indiscriminate access in a way that seems more like a vulnerability caused by a bug.
Maybe some actor did add the goto fail for nefarious reasons, but it can quite easily be explained by a merge error.
It's not easy to explain this particular backdoor as anything but a backdoor. From the article:
"The binary responsible for the firmware OTA update operations also includes code to hide its presence from the Android OS, along with two other binaries and their processes. A developer looking at active Android processes won't be able to tell when there's an update coming to his phone."
Maybe some actor did add the goto fail for nefarious reasons, but it can quite easily be explained by a merge error.
It's not easy to explain this particular backdoor as anything but a backdoor. From the article:
"The binary responsible for the firmware OTA update operations also includes code to hide its presence from the Android OS, along with two other binaries and their processes. A developer looking at active Android processes won't be able to tell when there's an update coming to his phone."