It doesn't take the Chinese government to do that- the NSA can turn most cell
phones into such surveillance devices (and probably botnets if they wanted
to) pretty easily already. The Chinese government, I suspect, wouldn't even
need to bother with loading the malware remotely.
Apart from whatever weak legal protections are in place to ban this, there's
little stopping this. A cell phone has two computers- the main processor, and
a 'baseband modem' which is used in communicating with the phone towers. It
is illegal in most jurisdictions to modify the proprietary software running
on this modem- and, unless you count the rather obscure and convoluted
OsmocomBB firmware, quite impossible at present- such that there's no way to
even determine the presence of backdoors besides observing their use.
Edward Snowden at one point commented that such backdoors exist. Furthermore,
even if you can get Debian main running on the main processor, that wouldn't
rule out the possibility of the modem being a problem- although I don't know
whether or not the modem needs the main processor to load the firmware
anyway, which would mean this isn't a problem.
Unfortunately, this dystopian state of affairs is quite plausible.