Your every electronic device likely has a mandated backdoor and tracking codes

This is likely it. Android/Google and iOS are NOT secure platforms. The Open Source nature of Android (AOSP) code can allow you or someone else to audit the code, not so with iOS.

But can anyone audit the hardware? And what backdoors are in the hardware?

The concern about mandated backdoors and tracking codes in electronic devices is a legitimate one. While open-source platforms like AOSP Android allow for code auditing, the hardware itself remains a potential source of vulnerabilities. Without the ability to thoroughly audit the hardware, it is difficult to determine the existence and nature of any backdoors or tracking codes that may be present. This lack of transparency poses a security risk, as it could potentially allow unauthorized access to user data or enable surreptitious tracking.