The other replies seem to ignore the fact you are presenting, they don't give you administrator access to a device they sell you, but retain it only for themselves. You're right in saying that this is just in general an untenable situation given just the general problem is as you say, the potential attacker and potential customer are potentially the same person.