If you were to have a tethering app on your phone (and of course, you don't), what would it be? i.e., if AT&T can detect certain apps, what, do you suppose (without admitting anything incriminating), are the apps they're talking about?
I can't imagine they'd be crazy enough to surreptitiously audit the content of a subscriber's phone, and then tacitly admit to it with this sort of inquiry. But I could imagine that they can detect tethering "signatures" via snooping network traffic. For example, if you tether to a PC and use that to browse the internet, the user agent will look different than when the phone's browser is being used. Or if you left a tethering session running and they saw your phone pulling down updates for Microsoft Windows, that'd sure be a dead giveaway. There's little if any reason to pull anything off Windows Update with a phone. They could maybe get away with detecting that sort of thing since they wouldn't be looking at data content, just whether or not the data source was consistent with a smartphone or not...