That depends. More of the popular ones don’t encrypt the secret keys, they can just be read out with root access or even with the use of ADB (the pull command), not even speaking about reading the memory contents while booted to a recovery.
Some even uploads the keys to a cloud service for convenience, and they consider it a feature.
Sounds more like a bad design than purposefully left backdoors. Very few devices are rooted and usually you cannot get root without fully wiping your device in process. As for cloud upload, that indeed is convenient for most regular users. I prefer encrypted offline backup like Aegis does, but you need to think about regular folk if they would loose or wipe their device.
That depends. More of the popular ones don’t encrypt the secret keys, they can just be read out with root access or even with the use of ADB (the pull command), not even speaking about reading the memory contents while booted to a recovery.
Some even uploads the keys to a cloud service for convenience, and they consider it a feature.
Sounds more like a bad design than purposefully left backdoors. Very few devices are rooted and usually you cannot get root without fully wiping your device in process. As for cloud upload, that indeed is convenient for most regular users. I prefer encrypted offline backup like Aegis does, but you need to think about regular folk if they would loose or wipe their device.