Once I dissected the code of a FDA-approved medical device, Vendys Endothelix. If connected to the internet, the device would covertly send measurement data to a specific email address. The usernames and comments baked in the code suggested Chinese development. I would be curious to know what percentage of our highly sensitive data ends up overseas.

I think it's safe (or maybe prudent) to assume that pretty much all phones, computers, and network switching gear are backdoored by someone.