Cracked Labs

Institute for Critical Digital Culture

Home » "Out of Control" project

“Out of Control"

How consumers are exploited by the online advertising industry. Investigation into how smartphone apps share data with third parties.

Led by the Norwegian Consumer Council, and together with mnemonic, Zach Edwards and NOYB, Cracked Labs contributed to an investigation into data flows from smartphone apps to third-party companies.


» Report, January 2020 (PDF, 186 pages)
» Technical Report, January 2020 (PDF, 93 pages)

Other resources

» Legal complaints against Grindr, Twitter MoPub, AppNexus, OpenX, AdColony and Smaato (January 2020)
» Letters from leading consumer and privacy groups to US Congress, FTC and state AGs (January 2020)
» Letter from BEUC to the Global Privacy Assembly (April 2020)
» Letters to location data companies Placed, Unacast, Placer, Fysical, Verve, Safegraph, fluxLoop and Neura (May 2020)

The investigation and the legal complaint against the dating app Grindr filed with the Norwegian Data Protection Authority led to the highest GDPR fine in relation to the revenue of a company to date:

» Decision by the Norwegian DPA (December 2021)

Selected media coverage

» New York Times (13 January 2020)
» Forbes (14 January 2020)
» Guardian (26 January 2021)