I see that third party Wordpress dashboard tools like ManageWP or InfiniteWP have access to entire Wordpress site by installing theirs plugin on that site. This way they have admin access to my Wordpress site so they can update plugins, do site backup etc. How this is possible and is it safe?
As far as my knowledge says, ManageWP has two methods of getting admin access to the wordpress site.
Once they get the admin access, they view the wordpress dashboard in an iframe inside of the ManageWP panel. The rest of the controls happen via third party plugins installed by the ManageWP.
Coming to your next question about if it is safe, As per this link,
We take security very seriously. We had no security-related incidents in our history (and we’ve been around since 2010).
Their serves run over AWS Infra, so we can be sure that they have a solid server security, but I would still recommend not to host any sensitive data over a website which could control your wordpress site completely via admin panel.