By David Goldman, CNNMoney: NEW YORK- The company behind the now-notorious Carrier IQ software that has been found to log every keystroke pressed, website visited and text message sent by 150 million mobile phone users said Friday it was shocked to learn that its software was doing that.

"We're as surprised as anybody to see all that information flowing," Andrew Coward, Carrier IQ's director of marketing, told CNNMoney in an interview. "It raises a lot of questions for the industry -- and not [only] for Carrier IQ."

The "flowing" information Coward was referring to was spotlighted Monday in a 17-minute YouTube video posted by Android developer Travis Eckhart. The video showed Carrier IQ recording everything Eckhart entered into his phone, storing the data in what's known as a debug log.

The purpose of a debug log is for software developers to see if anything is going wrong with an application. It stashes that information in the phone's memory, which it remains stored until the device is powered down.

It's unusual, however -- and bad, security experts say -- for an application to store so much data to the debug logger.

"It's not considered a good security practice to insert any sensitive information in a log like that," said Dan Rosenberg, a consultant at Virtual Security Research.

But what's not clear is whether it's entirely Carrier IQ's fault. Coward insisted that the Carrier IQ software was not responsible for the logging of keystrokes and other user data. He said the program does not need to log that kind of information to serve its purpose of transmitting network diagnostic data to the phone's carrier.

Instead, Coward said the logging was happening at the operating system level, likely as a result of add-on software installed by the handset manufacturers. But he couldn't say for sure.

"We don't know enough at this point -- it's a very good question," Coward said.

Read More