Developers of the Free Software Foundation-endorsed Replicant OS (http://www.replicant.us/) have uncovered a backdoor through Android on Samsung Galaxy devices (http://www.phoronix.com/scan.php?page=news_item&px=MTYyODE) and the Nexus S. The research indicates the proprietary Android versions have a blob handling communication with the modem using Samsung's IPC protocol and in turn there's a set of commands that allow the modem to do remote I/O operations on the phone's storage (http://redmine.replicant.us/projects/replicant/wiki/SamsungGalaxyBackdoor). Replicant's open-source version of Android does away with the Samsung library (http://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor) to fend off the potential backdoor issue.

http://mobile.slashdot.org/story/14/03/12/2143225/replicant-os-developers-find-backdoor-in-samsung-galaxy-devices