When a company can remotely push code without explicit user approval, and code that was hostile / almost malicious, it is a backdoor
so like… any website
so like… any website