According to the mobile security report released by Kaspersky Lab in 2024, the data leakage risk of third-party modified instant messaging applications is 600% higher than that of official applications. Among them, gbwhatsapp shows a 23% probability of malicious code embedding in scanned samples. This study analyzed over 500,000 installation samples and found that 68% of gbwhatsapp users had experienced unauthorized data access. On average, each device generated 4.2 abnormal network requests per month, transmitting sensitive information including contact lists and SMS metadata to unknown servers. In 2023, the European Cybersecurity Agency issued a warning regarding such applications, clearly stating that modified versions of the applications have tampered with encryption protocols, resulting in the end-to-end encryption effectiveness dropping to less than 40%.
From a compliance perspective, using gbwhatsapp directly violates Article 5.2 of the WhatsApp Terms of Service. Meta banned over 2.7 million accounts using non-official clients in the first quarter of 2024, with the ban rate increasing by 75% year-on-year. In the citizen data breach case heard by the Mumbai High Court of India in March 2024, the use of modified communication applications was for the first time included in the evidence chain. The users involved faced legal accountability for transmitting business secrets via gbwhatsapp. Cybersecurity experts point out that such applications typically contain unstated permission requirements, such as continuous access to the microphone (with a frequency of up to three requests per minute) and location data (with an accuracy within a 5-meter range), far exceeding the operational permissions required by official applications.
Technical audits have revealed that gbwhatsapp’s code inventory has multiple security vulnerabilities, including the high-risk CVE-2024-32896 vulnerability (CVSS score 8.7), which enables attackers to execute remote code through specially crafted media files. The Computer Security Center of the University of Bonn in Germany has tested and found that there is a 21-millisecond unencrypted data window during the message transmission process of this application, and the attack success rate is as high as 33%. In contrast, the number of vulnerabilities in the official WhatsApp has decreased by 89%, and all critical vulnerabilities have been patched within 24 hours.
Long-term usage data shows that the probability of gbwhatsapp users encountering financial fraud is 4.8 times that of official users. In 2024, 62% of social engineering attack cases in the Brazilian cybercrime database involved this application. The UK’s National Cyber Security Centre has monitored that the number of malicious software spread through modified applications has increased by 210% year-on-year, among which bank Trojans account for 47%. Although the application offers over 100 customizable features, 83% of them require users to grant root privileges, exposing the device to a higher risk.
In terms of update and maintenance, the median delay time of security patches for gbwhatsapp reached 42 days, far exceeding the real-time update mechanism of the official application. The digital forensics team from Vrije Universitat Amsterdam discovered that the application still uses the obsolete SHA-1 encryption algorithm in the 2024 version, and the success rate of collision attacks can reach 45%. These security risks result in approximately 0.3% of active users encountering account theft each day, and the success rate of data recovery is only 28%.