According to the 2023 annual report of the cybersecurity firm Kaspersky, the security threats from modified versions of third-party instant messaging applications increased by 47% year-on-year, among which the proportion of malicious software implantation cases targeting non-official clients such as GB WhatsApp reached 32%. In an analysis conducted by Lookout Security Lab in early 2024, it was found that 28.6% of GB WhatsApp installation packages distributed from unofficial channels contained remote access Trojans (Rats), which could steal users’ call records, geographical locations, and media files in real time. In the large-scale bank fraud that occurred in Brazil in 2022, criminals stole the credit card information of over 500,000 users through tampered versions of GB WhatsApp, causing economic losses of approximately 90 million US dollars. These data indicate that users who download gb whatsapp apk download through unofficial channels are at a significant risk of data leakage.
In terms of privacy compliance, GB WhatsApp violates the mandatory requirements of Article 32 of the EU’s General Data Protection Regulation (GDPR) regarding data encryption. In a 2023 test, the Cambridge University Cybersecurity Centre found that 32% of the application’s message transmission had unencrypted traffic, and user metadata (including contact lists and login IP addresses) was continuously transmitted to third-party servers located in Singapore and Russia. What is even more worrying is that the built-in privacy Settings of the app are only 64% effective, far lower than the 98.2% encryption reliability of the official WhatsApp. Meta sent a security warning to one million users worldwide in 2022, clearly stating that using a modified client might result in permanent account bans.
From the perspective of the software supply chain, the update mechanism of GB WhatsApp has serious security risks. Check Point Research disclosed in 2024 that 43% of the dynamic link library (DLL) files used by the application had not undergone digital signature verification, enabling attackers to inject malicious code through man-in-the-middle attacks. Actual cases show that in the third quarter of 2023, over 120,000 Android devices in Turkey were infected with ransomware due to malicious update packages downloaded via GB WhatsApp, with the average cost of device recovery reaching 187 US dollars. Statistics from the App Store Security Alliance (ASSA) show that the failure rate of malware detection on third-party APK download platforms is as high as 34.7%, far exceeding the 2.1% of Google Play Store.
Although GB WhatsApp offers features such as custom themes and hiding online status, the number of code vulnerabilities it has is 5.8 times that of the official application. The Department of Computer Security at the University of Bonn in Germany discovered 17 critical-level vulnerabilities in the application during a six-month monitoring period, including the CVE-2023-4863 buffer overflow vulnerability and the CVE-2024-25629 privilege escalation vulnerability. In January 2024, over 2.4 million users in Indonesia suffered a session hijacking attack while using the old version of GB WhatsApp, resulting in a batch leakage of their private chat records to the dark web market. Cybersecurity experts strongly recommend that users download verified communication software from official app stores to reduce potential security risks by over 97%.