No matter whether the device is designed or built in China, the US, Israel, Germany, etc if you want security on phones, routers, desktops, etc you may just want to roll your own OS like the US NSA, Russian Military, Chinese, South Korean and more have already been doing. Seriously you can't even trust your "current" allies not to spy on you.
The US can point their fingers all they want at China, but they have been caught doing the same things knowingly (those zero-day defects on Windows XP way back) and unknowingly (the Iran power station issue which supposedly involved Israel too). We know governments (Western Governments most definitely) have interception laws at Internet peering points, satellite links, etc and many have "kill switches" via their Tier 1 ISPs to cut off their country's Internet. Just by popular news I still hear of more backdoors and vulnerabilities found on "Western" hardware and OS's than Chinese (maybe the Chinese hide it better?).
So that said any intended or unintended backdoors on your Cisco routers, Windows servers, D-Link routers, or whatever will be found and exploited at some point.
For large corporates and governments, I still don't understand why they don't as a matter of policy take open source code for routers, phones, servers and have that code inspected properly and customise it for their use. That way you control it fully. It is certainly happening on a limited scale already. It's certainly not difficult as many home users do it themselves (just not always able to inspect the code fully themselves). Governments and large corporates spend millions of US$ per annum of software which they could channel instead into recruiting qualified code analysers. For many countries that also means keeping their money onshore.
See more on this Android issue (past tense) at https://arstechnica.com/information-technology/2019/06/google-confirms-2017-supply-chain-attack-that-sneaked-backdoor-on-android-devices/
#triada#^Google confirms that advanced backdoor came preinstalled on Android devices
After Google successfully beat back Triada in 2017, its developers found a new way in.