There are many possible problems when the network hardware you trust turns against you. The first and easy one to understand is location data. The cell towers know which phone it’s talking to, even if it doesn’t know what data it’s transferring.

The second is access to internal networks and possibly databases of carriers. This can be used to both steal data and disrupt operations.

The third, and more specifically to your question about TLS, is that authoritarian governments usually have access to generate whatever certificates they want for whatever domain they want. Chinese certificate authorities have been removed before for abusing exactly this issue.

https://www.zdnet.com/google-amp/article/google-banishes-chinas-main-digital-certificate-authority-cnnic/

There are many other possible issues. Even with TLS, they can do a very silly MitM and you can bet many people will fall for it and accept invalid certificates without thinking twice.

There are different kinds of snooping. If I know who you call and when you call them, I’m snooping on you even though I don’t know what you’re saying.

More dangerously, if I can make it so that your phone stops working because I determine you spend too much time talking to the Ministry of Defense and I’m interested in causing mischief; that’s bad.

I’m a software engineer, not a cryptography expert. But one potential attack would be sabotaging a random number generator so the random numbers could be predicted. This might allow users who possess knowledge about the sabotage to crack cryptographic keys, etc.

The other problem is that the Chinese government maintains a high level of control of the corporations it allows to exist. Understandably, no one wants to disappear, or have a family member disappear, into the murky waters of the Chinese justice system. If the Chinese government wants a back-door, they’l have it.