Security expert Bruce Schneier has a nice, short post on Carrier IQ. Here’s his bottom line:
Several things matter here: 1) what data the CarrerIQ app collects on the handset, 2) what data the CarrerIQ app routinely transmits to the carriers, and 3) what data can the CarrierIQ app transmit to the carrier if asked.
I think another thing that matters is how much of the data Carrier IQ collects is already being collected through other means. Carriers already have access to any unencrypted data that is transmitted over their network.
Read the whole thing. I hesitate to comment so much because the story is changing so fast. It’s best to focus on the essentials.