After establishing a session, the app idles until it receives either a special SMS message or a packet over HTTPS, which can instruct it perform a variety of functions. I'm still investigating what these are, but some of the status codes are for starting streaming, pausing streaming, and initiating remote control. The application logs the actions taken in the course of the session, and there is some sort of a user interface that shows the user what the remote operator is currently doing with the phone in real-time. The log is sent back to Verizon's AetherPal service running on AetherPal's servers, where presumably Verizon representatives can access it.
Here is a nice diagram that AetherPal has made concerning their service: http://aetherpal.com/architecture.html.
Well, that's it for now, but I'm going to continue investigating in more detail. In particular, I'm interested in how exactly the handshake happens during initialization, what information is logged (anything potentially sensitive?), and how much control remote operators have over the device. It would be good to confirm that some action is needed on the user's part to allow a remote operator to start controlling the device.