In one part of the clip, he shows how an entire SMS message--"hello world"--was recorded by Carrier IQ's software. In another example, he demonstrates how a Google search, his location, and other key information is recorded by Carrier IQ's application, even though he was on Wi-Fi and a page secured by HTTPS. "The Carrier IQ application is receiving not only HTTP strings directly from browser, but also HTTPs strings," Eckhart wrote in a blog post. "HTTPs data is the only thing protecting much of the 'secure' Internet. Queries of what you search, HTTPs plain text login strings (yuck, but yes), even exact details of objects on page are shown in the JS/CSS/GIF files above--and can be seen going into the Carrier IQ application."
http://news.cnet.com/8301-13506_3-5...ets-secretly-logging-keystrokes-sms-messages/"The Carrier IQ application is embedded so deeply in the device that it can't be fully removed without rebuilding the phone from source code," he says. "This is only possible for a user with advanced skills and a fully unlocked device. Even where a device is out of contract, there is no off switch to stop the application from gathering data."
Although Eckhart's data comes from Android devices, it's worth noting that Carrier IQ's software is running on over 130 million mobile devices worldwide, including those made by Nokia and Research In Motion.
Two of many articles hitting the web today, some more technical than others. Some are saying this could be criminal wiretapping.