Security researchers will always break into, reverse engineer, and scrutinize OS firmware and apps.
They’re not going to find every backdoor. But I’m sure their work serves as a deterrent to some degree. Vendors aren’t going to deploy backdoors unless some state actor forces them to, and even then chances are they’re caught and called out.
Security researchers will also happily sell their tools to law enforcement and other agencies. Companies like cellebrite specialize on that.
In short, if you are being targeted (and, granted, the chance of that is pretty low), your data and communication is not secure.
It's an economical question, not a technological question. (the FBI paid $1.3m in one case to get access to a phone).
