4

I came across an application named GBWhatsapp.It is developed by some unknown people and there are many sites from where you can download the apk. It's not officially on playstore for some reason.

It was a big surprise to me to see that using this app I can actually chat with the people who are using official WhatsApp application.

I did Some googling and found out that it is a Modded app of the original whatsapp application. It is built on top of the original application. Means some people/developers/engineers decompiled the original apk and inserted their code and published it with another name.

My Question is, Is Whatapp APK is so much less secure that some engineers were able to decompile it's java code succesfully? and they provided a lot of new features which are not there in original app?

I know apk can be decompiled but if the original developers team has obfuscated the code (proguard etc). then it's almost impossible to reverse engineer the java code. how did this happen?

Also, If it not a modded app. means they build their own app which is similiar whatsapp, then how they are able to send messages to the official app

Abdul Mohsin
  • 1,253
  • 1
  • 13
  • 24
  • `Is Whatapp APK is so much less secure that some engineers were able to decompile it's java code succesfully?` you can try this yourself to see :) `they provided a lot of new features which are not there in original app?` if they decompiled it then they can add new features, sure – a_local_nobody Feb 27 '20 at 08:26
  • @a_local_nobody well. ill try it now. by your comment it sounds like it will decompile easily 8-|. are you being sarcastic :D :D – Abdul Mohsin Feb 27 '20 at 11:09
  • there are a lot of tools available to decompile – a_local_nobody Feb 27 '20 at 11:23

1 Answers1

5

Is Whatapp APK is so much less secure that some engineers were able to decompile it's java code succesfully? and they provided a lot of new features which are not there in original app?

Whatsapp for Android contains both Java and native code. Code obfuscation makes it difficult for an attacker to understand the code, but does not prevent decompilation and modification on its own. In order to prevent that, Whatsapp developers should had used additional tools providing runtime self-protection.

how they are able to send messages to the official app

There are several ways to do so. First, is that indeed they could have modified the original app. Alternatively, they could have figured out the network protocol and implemented that in their app. As soon as the network protocol is clear, you don't have to have an original app anymore, unless it uses techniques to only authorize messages from the original app.

tripleee
  • 175,061
  • 34
  • 275
  • 318
Anton Baranenko
  • 564
  • 1
  • 4
  • 7
  • Well. I think they may built it on top of the original app. by modifying it. I tried it yesterday and YES :) I was able to rebuild the whatsapp apk by changing it's icon :D. and installed it successfully in my phone. – Abdul Mohsin Feb 28 '20 at 05:33