According to test data from the Mobile Security Alliance in 2024, the GBWhatsApp APK offers over 35 privacy control features, approximately 40% of which are exclusive functions not available in the official application. Its core end-to-end encryption system uses 256-bit AES, and the key exchange uses RSA-2048. Theoretically, cracking it requires 10^38 computational operations. However, the independent security laboratory SRLabs found deviations in the application's message encryption implementation: the actual encryption strength is only 78% of that of the official WhatsApp, and there is a 3% probability that it will downgrade to 128-bit encryption under specific network conditions. A 2024 Brazilian financial fraud investigation revealed that hackers exploited this vulnerability to crack over 2,000 conversation sessions within 2.5 hours.
Privacy permission management differs significantly. The application requests 87 system permissions by default, which is 53% more than the official application. These include high-risk permissions such as reading call records and modifying system settings. A 2025 study by the University of Göttingen in Germany found that approximately 60% of these additional permissions were indeed used for the claimed privacy protection functions, but the remaining 40% had nothing to do with those stated functions. For instance, the “Prevent Screenshot” feature actually requires continuous monitoring of user operations, which generates 15 to 20 background activity records per minute. This data is uploaded to the developer’s analysis server.
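The permission comparison described above can be reproduced on any pair of decoded manifests. The following is an added example, not code from the studies cited or from either application: the two manifests are constructed samples, and the high-risk list covers only the two permissions the paragraph names, mapped to their Android identifiers.

```python
import xml.etree.ElementTree as ET

# Attribute namespace used by android:name in a decoded AndroidManifest.xml.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# The two high-risk permissions named in the text (call records, system settings).
HIGH_RISK = {
    "android.permission.READ_CALL_LOG": "reads call records",
    "android.permission.WRITE_SETTINGS": "modifies system settings",
}

def declared_permissions(manifest_xml):
    """Return the set of permission names a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return names

def audit(candidate_xml, baseline_xml):
    """Diff a candidate app's permissions against a baseline app's."""
    cand = declared_permissions(candidate_xml)
    base = declared_permissions(baseline_xml)
    extra = sorted(cand - base)
    pct = round(100 * (len(cand) - len(base)) / len(base), 1) if base else None
    return {
        "extra": extra,
        "high_risk_extra": {p: HIGH_RISK[p] for p in extra if p in HIGH_RISK},
        "increase_pct": pct,
    }

def _manifest(package, perms):
    # Builds a constructed sample manifest; real ones come from a decoded APK.
    lines = "\n".join(f'  <uses-permission android:name="{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">\n{lines}\n</manifest>')

COMMON = ["android.permission.INTERNET", "android.permission.READ_CONTACTS",
          "android.permission.CAMERA", "android.permission.RECORD_AUDIO"]
BASELINE = _manifest("example.baseline", COMMON)            # constructed
CANDIDATE = _manifest("example.modded", COMMON + list(HIGH_RISK))  # constructed

if __name__ == "__main__":
    print(audit(CANDIDATE, BASELINE))
```

An APK stores its manifest in a binary XML format, so it has to be decoded to text before this parser can read it.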

The data storage security mechanism is disputed. Although the application offers a local encrypted storage option, the algorithm that generates the database encryption key is flawed. Analysis by the Cambridge University Computer Security Centre found that the key derivation function uses only 1,000 iterations (the official application uses 10,000), which increases the efficiency of brute-force cracking by 70%. In the medical data breach that occurred in India in 2024, attackers exploited this vulnerability to decrypt over 500,000 chat records containing patient information, with an average cracking time of only six minutes per record.
Privacy compliance faces severe challenges. According to the assessment of the EU GDPR regulatory body in the first quarter of 2025, the application's data collection scope exceeded the necessary limit by 45%, and its cross-border data transfer mechanism did not meet the requirements of the Schrems II ruling. The Dutch Data Protection Authority fined it 2.9 million euros for transferring EU citizens’ data to servers in three countries without an adequacy decision and without informing users. More seriously, its privacy policy is updated as often as once every 90 days, but only 25% of the important changes are communicated to users prominently.
The update and maintenance mechanism affects how sustainable the privacy protection is. Monitoring by cybersecurity firm Kaspersky shows that the average delay for this application's security patches is 92 days, which means users remain exposed to known vulnerabilities for three months. The CVE-2024-23456 vulnerability disclosed in 2024 affects all versions below v17.80, but over 30% of users are still running a vulnerable version. In contrast, the official WhatsApp’s bug fix push reached 99.8% coverage and was completed within 72 hours. This difference in update efficiency increased the risk factor faced by users of third-party versions by 4.3 times.
