According to a security researcher named Trevor Eckhart, who discovered it during a dissection of the functions of Android's location-tracking functions, a third-party user-monitoring company called Carrier IQ is supplying customer-tracking software to carriers, who surreptitiously install it on phones to collect information about customers.
Sprint phones were the first found to be poisoned with the tracking software, which can find and log location data, SMS contacts and the text of messages, number and name of apps installed on the phone and the keys a user presses.
Sprint issued, then retracted a cease-and-desist order to try to scare Eckhart from continuing his revelations.
Other carriers were quickly implicated, however, making it clear the problem of keylogging and blatant invasion of privacy are considered de rigeur among carriers – for reasons more complex and exploitive than ensuring high levels of connectivity and service.
Nokia, RIM, HTC and Samsung devices have so far been implicated, though one publication says three Google Nexus devices are also bugged.
An iOS hacker called CHPWN has found versions of the tracking file on nearly every version of iPhone as well.
Eckhart has released a testing app to let consumers figure out if their phones have the tracking app.
The app, currently in its seventh revision, installs on your phone and can quickly ID the keylogger after you hit the app's CIQ Checks button.
Extreme Tech provides more step-by-step instructions for finding and deleting the app.
Get rid of it. Then make clear to your carrier you don’t appreciate being spied on.