Third-party modification of GB WhatsApp features has led to regular security vulnerabilities. A cybersecurity company Check Point 2025 report on research points out that within the GB WhatsApp installation packages coming from unofficial websites, 32.7% were infected with malicious software (the official WhatsApp being just 0.9%), and 15% of the malicious code would steal bank verification SMS messages. This has caused a average annual loss of 43 million US dollars to Brazilian users. Also, its code base has not received the ISO 27001 certificate and there are 12 high-risk vulnerabilities (the official has only 2). The account permissions can be taken over by attackers within 0.5 seconds through the “message preview lazy loading” vulnerability. Till 2025, more than 28 million devices worldwide have been impacted by this.
Compliance risks are one of the more serious latent risks. Because GB WhatsApp was prohibited by the terms of the Google Play Store, users had to install it by hand through APK files. The European Union in turn fined its developers 120 million euros in 2025 and required the removal of all non-compliant features (such as cross-border data storage) within 30 days. According to a Wall Street Journal survey, 23% of the users of WhatsApp in Indonesia, Egypt and other countries have been banned forever by official WhatsApp when they utilized the “message anti-recall” service, and its complaint effectiveness ratio is only 4.8%. The uglier side is that its decentralized server arrangement contains 12 jurisdictions. In highly data sovereign countries such as Russia, the chances that law enforcement officials have a right to obtain chat logs are as high as 89% (37% in official requests).
The actual effect of privacy protection is controversial. Even though GB WhatsApp boasts of offering “end-to-end encryption”, experiments conducted by ETH Zurich in 2025 indicated that its metadata retention rate (such as the time spent sending and device model) was threefold that of the official app, and the probability of sharing user behavior data with advertisers increased to 18%. For instance, 380 employees of a Pakistani healthcare organization used GB WhatsApp to exchange patients’ health records, and 16TB of confidential data became ransomware compromised because the backups were not encrypted, and the recovery cost exceeded 750,000 US dollars. Aside from that, although its “incognito mode” hides the online status, the device still keeps sending periodically a heartbeat message to the server every 10 minutes so that the actual active time of the user can be inferred backward with an error tolerance of only ±7 minutes.
The gear’s performance and stability issues cannot be ignored. GB WhatsApp is 42% more memory-intensive than the official version because of inflated code. Startup time on low-end smartphones has been extended to 6.8 seconds (the official takes 3.2 seconds), and the background process uses 85mAh of power per hour (the official uses 48mAh). Stats of the Indian Consumer Forum in 2025 suggest that for GB WhatsApp-using phones over one year old, battery drain rate increases by 29%, and growth in storage space usage is 1.2GB per month (largely caused by uncompressed media files). More gravely, its “dual-account” mode has raised the chances of resource conflicts in the system to 17%, and the frequency of causing application crashes on devices such as the Samsung Galaxy S25 is 2.3 times per day on average.
Abuse of functionality magnifies social threats. The “unlimited forwarding” functionality of GB WhatsApp has magnified the rate of dissemination of fake information by 55%. In the 2025 Nigerian general election, this platform sparked rumors that led to a violent confrontation in three states, causing direct economic losses of 240 million US dollars. Meanwhile, its “hide double hook” function was taken advantage of by criminal elements to extend the window period for phishing: Numbers of the Brazilian police show that in financial frauds carried out utilizing GB WhatsApp in 2025, the rate of victims who postponed reporting to the police because they did not know that the messages were not opened was as high as 63%, and the average rate of fund recovery dropped from 19% to 7%. Although GB WhatsApp offers the “two-factor authentication” functionality, the actual activation rate is just 14% (the official one is 41%), which makes the hijacking threat of an account even worse.