Currently they would hack in to a phone using any one of numerous vulnerabilities, and from there install whatever "back door" was needed. Generally this is a good approach, as in the least-worst for all of us, as it has to be targeted to the device in question (hardware / software version, etc) and is not universally available to anyone as a deliberate back door feature would be. Also widespread (mis)use would tend to show up and things would get patched*.
Down side to us is the then hoard vulnerabilities like "Eternal blue" etc that ended up in the NHS being screwed over, etc.
[*] - yes stop laughing and the majority of Android users like myself who get bugger-all patches even when bugs are publicly disclosed and in use.