A recent YouTube video posted Monday by Trevor Eckhart, an Android app developer, says that a particularly popular app that hides from plain view and watches everything that happens on the phone. During the video, Eckhart used a packet sniffer and a USB debugging app to show how the Carrier IQ agent watched everything that he did, even when he was connected to Wi-Fi.

After connecting to Wi-Fi he loaded up Google, and even after refusing to give the website his location, he pointed out how the furtive app caught the location anyway; he also revealed how the app was trapping URL queries sent to Google even in SSL (secure sockets layer) mode.

“We can see that Carrier IQ is querying these strings over my wireless network [with] no 3G connectivity and it is reading HTTPS,” the 25-year-old Eckhart says.

Information sent to Google via the HTTPS (SSL) connection should be encrypted, so it’s obvious that the secretive app is catching the outgoing query before it’s sent through the secure layer by the phone and recording it.

According to an article today in The Register, the video appeared on YouTube four days after Carrier IQ withdrew a legal threat against Eckhart over calling its Android app a “rootkit.” He initially posted his findings on AndroidSecurityTest.com (site seems to be currently down).According to Eckhart, the Electronic Frontier Foundation assisted him in fighting the threat and Carrier IQ backed down. Eckhart defends his characterization of the app as a “rootkit” by pointing out that it deliberately obfuscates itself from easy discovery through bypassing usual operating-system functions.

When interviewed on the subject, Carrier IQ VP of Marketing Andrew Coward denied allegations that the software posed a privacy threat because it does not “phone home in real time.”

“Our technology is not real time,” he said. “It’s not constantly reporting back. It’s gathering information up and is usually transmitted in small doses.”

Coward went on to mention that Carrier IQ is a diagnostic tool designed to give carriers and cell phone manufacturers detailed information on the causes of dropped calls and other performance issues.

At the end of his 17 minute video, Eckhart has a series of questions he’d like answered by Carrier IQ including, “Why is this not opt-in and why is it to hard to FULLY remove?” and “Why is my browser data being read, especially HTTPs on my WiFi?”

Those latter two questions are especially damning—any application installed on a phone that hides itself from users, doesn’t allow itself to be fully disabled or controlled, and acts underneath the operating system poses a real security threat to the phone itself. In fact, if it’s true that the app is listening in on what should be encrypted conversations with other websites it opens itself up for malicious apps to trap that communication within the phone (or over the wireless) and themselves phone home about it.