Why do they say 'potential' backdoor when it is so clearly a backdoor? I know it's good to hedge your bets but is there some kind of legal reason they say it like this? I'm curious because it is so common.
Because you never really know until you _really know_. I know there have been times in my life that I was 100% sure of something and never thought there was a way I could be wrong, but somehow new info came to my attention and turned everything upside down. What if there's some kinda stuff in a chinese document that FireEye hasn't read yet, stating that this is normal functionality of the SDK and the developer, who read the docs thoroughly, knows that it does this. Better to just present the facts and stick with "suspect" or "alleged" type verbage and only drop the bet-hedging when it is known without a shadow of a doubt. The fact Apple removed the apps does strongly indicate FireEye at least found something suspicious and the readers of this article are probably mostly convinced at that point anyway without FireEye having to risk officially throwing around accusations.
Also, nowadays it's getting a bit too easy to blame hacking/spying on the Chinese & Russians so you don't want to accuse them until you're absolutely sure. If you're wrong, it's going to look extra bad.
