Android code research was carried out, the very first link from Google, as an example
https://www.opennet.ru/opennews/art.shtml?num=28504
But you must understand that between pure android sources and what is on your device is a huge abyss. To begin with, the kernel, kernel modules, settings files (they are also very important) and libraries (often binary blobs) that phone manufacturers add to the system (often without any support, documentation, and even more so source codes, yes, yes, in violation of the license agreement etc.) - can be modified in no known way.
Then backdoors can appear after the assembler from whom you took the finished firmware, and there are millions of such assemblies. I believe that something popular is probably even being analyzed by someone, but reports on this need to be looked for separately and can be stupidly not found. But this is bullshit, the probability of this is very small, and in the end you can collect everything yourself by contacting the author and asking him for help.
Most importantly, backdoors and errors will definitely appear when you install google apps - in terms of volume and complexity, this proprietary application package from Google has long exceeded android itself (several times in volume) and it is not possible to openly explore it.