Serious question- how can anyone know these operating systems are truly secure? Is there a way to test the source code? From a code perspective could Google have placed a back door in Android to access these forks?
You can compile it from the source code yourself if you want. Realistically speaking there may be a backdoor in closed-source Google Play Services, but not in the open-source AOSP project.