By Sean Hollister and Dieter Bohn

You may have heard of the "internet of things," a vision of the future where cheap sensors are everywhere, and they allow machines to automatically track everything at all times. Over the last few days, we got an eye-opening look into that future thanks to a company called Carrier IQ. Founded in 2005, Carrier IQ provides remote tracking data to cellular network operators including AT&T, Sprint and T-Mobile, and its software has been loaded on over 141 million phones, primarily in the United States. You’d expect a cellular operator to have access to your phone number, name, address, and billing information, and even be able to see your calls and text messages while you’re connected to the network, no? Well, Carrier IQ takes things a step further by tracking your device even when it’s not connected, and can deliver things you might not expect it to, such as the apps you’re using and the secure URLs you visit in your cellphone browser.

Over the past week, we’ve been tracking Carrier IQ closely. There are plenty of accusations flying around, and plenty of confusion about just what it is that the company does with this data, what kinds of data it collects, and why Carrier IQ’s partners secretly bury the software deep within the operating system rather than asking users to opt into the program. That’s why we sat down face-to-face with Carrier IQ at the company’s Mountain View offices this weekend, where we had a surprisingly open and detailed two-hour conversation with VP Andrew Coward about nearly everything the company does.

It may not surprise you to learn that Carrier IQ claims to not have final control over the data it collects for cellular carriers, but what you might not know is that the 112-employee company actually has two different business models. One merely provides anonymous radio data to the carriers about dropped calls and the like, to help the networks troubleshoot issues... but the other, combined with the data a cellular carrier collects by itself, can uniquely identify a user so that the carrier can individually troubleshoot their phone’s performance and battery life by suggesting, for instance, which particular apps a user should uninstall.

It might also surprise you to know that Carrier IQ may be installed on more devices than have already been uncovered. The company actually has two different models for collecting data: the first is built directly into the operating system, while the second is more of an aftermarket solution that can be installed by the OEM or carrier. It’s only the latter that has seen widespread investigation, but Carrier IQ has been around for six years and has been installed on over 141 million devices in that time. Which devices? Carrier IQ literally won’t say: the company cites its contracts with carriers as the reason it cannot tell you whether or not its software is installed on your phone. Even so, it’s seriously troubling to hear a company flat-out refuse to tell you on which phones its tracking software is installed and with which carriers and OEMs it has partnered. All too often, on issues of disclosure, data privacy, and technical implementation, Carrier IQ shifted responsibility onto its un-named partners.

As we revealed over the weekend, Carrier IQ claims that it is not the source of the insecure log files discovered on HTC devices. Other technical details — including how exactly Carrier IQ stores and transmits its data and how carriers utilize it — are both comforting and disquieting by turns. Although more secure and less nefarious than originally feared, there may still be ample opportunity for malware to access its data. At the very least, how Carrier IQ’s software is implemented on various devices needs wider scrutiny from both security experts and regulators.

You can read the entire transcript for yourself below, but in our opinion, the biggest takeaways are that Carrier IQ and its client operators have logical reasons for taking most of the information they do — and mind you, many forms of personal data, like the contents of SMS and emails, aren’t being tracked at all, and no data is tracked in real time — but by the same token, it feels like there may be a lack of oversight when it comes to mobile privacy.