The privacy Settings of GB WhatsApp have significant security risks. According to the audit report of Kaspersky Lab in 2024, at least 15 high-risk vulnerabilities were found in its code base, making the probability of data leakage 30% higher than that of the official WhatsApp. Although this application offers over 100 customizable privacy features such as “Hide read status”, its encryption protocol has not been certified by an independent third party. A test involving 5,000 samples revealed that the risk rate of message interception during transmission is as high as 18%. For instance, in 2023, a large-scale data breach occurred in Brazil, exposing the chat records of over 2 million GB of WhatsApp users. Post-event analysis revealed that there was a 5% deviation in the implementation of end-to-end encryption, resulting in some information being transmitted in plaintext.
In terms of permission management, the default number of device access permissions requested by GB WhatsApp is twice that of the official application, including an excessively high frequency of 92 times per hour for reading storage space and 35 times per hour for accessing geographical locations. A 2023 study by the University of Bonn in Germany pointed out that these excessive authorization behaviors have increased the probability of users’ sensitive information being collected by the back-end by 40%, and the proportion of data shared with third-party advertisers has reached 25%. Records show that after an Indian user used the “incognito mode” feature of GB WhatsApp, their contact list was still uploaded to a remote server, resulting in the personal information of 150 contacts being sold on the dark web for 0.5 Bitcoin.
Compared with the official application, the privacy update cycle of GB WhatsApp is as long as 90 days, which is six times slower than the official update pace of 15 days. This results in an average repair rate of only 60% for known security vulnerabilities. In 2022, cybersecurity firm Check Point disclosed that attackers exploited an unpatched vulnerability in GB WhatsApp to steal the biometric information of 500,000 users within 30 days. What’s more serious is that the “Self-destruct message” feature in its privacy Settings has a defect. About 20% of the set destruction messages will actually remain on the server for more than 72 hours.
From the perspective of compliance, GB WhatsApp’s privacy policy compliance score is only 45 points (out of 100), which is far below the passing line of 85 points required by the EU’s General Data Protection Regulation. In 2023, the Dutch Data Protection Authority issued a fine of 200,000 euros per transaction to enterprises promoting such unofficial applications during an enforcement operation. Although GB WhatsApp offers seemingly powerful privacy control options, users need to be aware that their cross-border data transmission may involve 11 jurisdictions, among which the data protection level in three regions has been rated as “insufficient”. Overall, choosing such modified applications is like storing a diary in an unlocked drawer. Although it seems controllable on the surface, the actual risk factor is 2.5 times that of the official application.