1) Does Carrier IQ use native APIs to get such privileged access or are special APIs mandated by operators so that CIQ can work?
2) If 1 is the latter, can malicious apps access these APIs too?
3) The CIQ exe probably runs at the highest privilege level. Is the app well written? Can a malicious app exploit it?