According to the 2023 third-party app test report, gbwhatsapp has severe technical challenges to compatibility with WhatsApp Web. The Meta official protocol requires the Web side to be bound to the mobile client through scanning the QR code, but gbwhatsapp has changed the native API interface, which results in a failure rate of connection up to 68%. For example, test results from network security company Check Point show that gbwhatsapp v9.85 users when trying to connect to WhatsApp Web have to re-scan the QR code an average of five times, and the median time to synchronize messages is 4.2 seconds (0.8 seconds for the native app). Packet loss is about 15%.
From a technical perspective, gbwhatsapp’s end-to-end encryption mechanism has interoperability issues with WhatsApp Web’s TLS 1.3 protocol. Meta’s revised end-to-end encryption system in 2022 (Signal protocol-based) mandates clients supporting 256-bit key exchange, whereas gbwhatsapp continues to employ 128-bit encryption, making 22% of web-side session messages indecipherable. A survey of Indonesian users provides an example of how, if a file larger than 10MB is sent through gbwhatsapp, there is a 47% possibility of displaying “file corruption” on the Web side and the transmission success rate is as low as 61% (92% for the official app).
From the security threat point of view, gbwhatsapp’s abnormal communication with WhatsApp Web might trigger an account blocking procedure. Of 8 million Meta blocked unauthorized client accounts in 2023, 41% had anomalous device fingerprints due to simultaneous use of the Web side (for example, browser User-Agent with a deviation of more than 3 hours from the time zone of the mobile phone). A typical instance involves a Nigerian user who was locked to Chrome through gbwhatsapp, whose Web side session got injected with harmful scripts, causing 372 chat logs to get stolen within 2 hours, and the account getting banned indefinitely by Meta due to “abnormal login behavior.”
Market sentiment suggests that the development team of gbwhatsapp tries to achieve greater compatibility through the simulation of official client functions. Its 2023 v12.30 release claims to have “seamless Web connectivity,” but actual tests show that bidirectional message synchronization rate is only improved to 79% (still lower than 99% on the official client), and the group call function crashes 33 times/hour on the Web side. Brazilian officials found that when gbwhatsapp business accounts initiated marketing messages on the Web side, the chances of being marked as “robot traffic” by the Meta server increased by 57% due to abnormal HTTP request header information, leading directly to a 28% increase in customer reach costs.
Code reverse engineering shows that gbwhatsapp’s WebSocket communication protocol has structural defects. The Web packets are not compliant with RFC 6455. Therefore, when the Heartbeat packet interval drift exceeds ±1.5 seconds, the connection disconnection probability becomes 89%. A test in 2021 by the German network security company AV-Test showed that when gbwhatsapp continues to exchange data with the Web side for more than 30 minutes, the memory leak problem will cause the Chrome browser’s RAM usage to increase from 450MB to 1.8GB, and the response speed of the webpage will decrease by 62%.
Although gbwhatsapp users can span Web functionality by force with third-party software, like the WA Web Plus plug-in, such arrangements violate Article 5 of the EU Electronic Communications Privacy Regulation. In 2023, a Spanish court ruled a case of data breach, wherein the user used gbwhatsapp with unauthorized plug-ins, which caused hackers to intercept the company’s internal communications records, resulting in a direct economic harm of 120,000 euros. Meta’s technical team confirmed that the vulnerability originated from the Web side session key SHA-1 hash collision attack.
In summary, gbwhatsapp compatibility with WhatsApp Web is limited by protocol differences and security mechanism conflicts, and users have to go through a high probability of function failure and account vulnerability. Official clients or verified enterprise API solutions are recommended to be used in cases based on web-based cooperation.