
Does it really?

http://blog.jgc.org/2011/11/getting-little-tired-of-security...

There's no evidence that it sends this information to the company and no evidence that it actually logs it. Only that APIs are called containing it.




The part about logging/transmitting personal info is a red herring. The real issue is failing to provide an opportunity for users to assent to the installation of this software on their device. It makes no difference to me whether data is being logged or transmitted over a network. However, I'm terrified that a phone manufacturer would install a very hidden program with root-like privileges, offering a single point of failure. A malicious user could potentially exploit this program's vulnerabilities to access everything on your phone.


IMO, this is a slippery slope argument. The actual phone OS, which is certainly "logging key presses", is also an opportunity for exploitation via vulnerabilities. I fail to see how software is a special case? Additionally, the carriers are certainly storing and tracking your movement and location, and storing your SMS (how else do you suddenly get them when you turn your phone on after your plane lands?).

I think the subtle difference here is that we as consumers have an implicit understanding that the OS and the carriers must store and handle our data in order to provide the services to us that they do. We must trust them if we use their devices and networks.

That trust is given because the data sensitivity is proportional to the disclosure and scrutiny of the providers. The phone, its OS and who provides the network inherently have access to all your data, a huge responsibility, so no attempts are made to hide or obfuscate who those companies are and what they're doing. You know Samsung makes your phone, it runs on Android and you use the Verizon network. CarrierIQ seems to have access to all the same data your OS and carrier have, yet their presence is not made transparent/known to the user of the phone.

That said, it's not clear to me what CarrierIQ's integration is like? Is it purely a software framework Android uses to log and store metrics for the carriers? Is it a 3rd party app installed by the carrier to help them store user metrics? How antonymous is CarrierIQ with the data? Do CarrierIQ engineers see your data or is it just for the carriers? Until that's clear, it's anyone's guess.


This would explain why I haven't seen a reference to a host or URL that I could at least block by proxy on a Wi-Fi network.


Finally some sanity. Thanks John for this reasoned analysis.



