. . . did I find a creepin round my back stair?

[chun-ki-mun-ki]

Are backdoors to be presumed in projects such as termux, regardless of any or not os hardening hosting such instantiations?

[agnostic-apollo]

All are app/packages code is open source, and is built on GitHub/F-Droid servers, you can review it for any backdoors. Dependencies could be compromised but I limit the ones used in projects I maintain. And if there were any backdoors, would you expect us to answer "Yes we do, but don't worry and keep using Termux", what kind of question is that.