There has been a rolling scandal about the Carrier IQ software installed by cell phone companies on 150 million phones, mostly within the United States. Subjects of outright disagreement have included the nature of the program, what information it actually collects, and under what circumstances. This post will attempt to explain Carrier IQ's architecture, and why apparently conflicting statements about it are in some instances simultaneously correct. The information in this post has been synthesised from sources including Trevor Eckhart, Ashkan Soltani, Dan Rosenberg, and Carrier IQ itself.
First, when people talk about "Carrier IQ," they can be referring to several different things. For clarity, I will give them each a number. You can think of senses 2, 3 and 4 as being "layers" of code that are wrapped around each other.
The company, Carrier IQ, Inc.;
a core software library that is written by Carrier IQ Inc. and which is present on all of the 150 million handsets;
a Carrier IQ application or program running on a phone, which includes the software in layer 2, but also additional porting code written by handset manufacturers (sometimes called "original equipment manufacturers" or "OEMs"), mobile network operators ("telcos"), or baseband chipset manufacturers;
the entire Carrier IQ stack, which includes the program described above as layer 3, but also often includes other code within a phone's Operating System and Baseband Processor OS to send data to layer 3. Like layer 3, this code is written by handset manufacturers, telcos or baseband manufacturers.