> Is there any evidence for a government having a backdoor in Cyanogen or another Android OS fork? Or, for that matter, a backdoor into iOS?

They don't need to, if they can put malicious code into the hardware, and bypass the software stack entirely.