I came across an application named GBWhatsapp.It is developed by some unknown people and there are many sites from where you can download the apk. It's not officially on playstore for some reason.
It was a big surprise to me to see that using this app I can actually chat with the people who are using official WhatsApp application.
I did Some googling and found out that it is a Modded app of the original whatsapp application. It is built on top of the original application. Means some people/developers/engineers decompiled the original apk and inserted their code and published it with another name.
My Question is, Is Whatapp APK is so much less secure that some engineers were able to decompile it's java code succesfully? and they provided a lot of new features which are not there in original app?
I know apk can be decompiled but if the original developers team has obfuscated the code (proguard etc). then it's almost impossible to reverse engineer the java code. how did this happen?
Also, If it not a modded app. means they build their own app which is similiar whatsapp, then how they are able to send messages to the official app
Is Whatapp APK is so much less secure that some engineers were able to decompile it's java code succesfully? and they provided a lot of new features which are not there in original app?
Whatsapp for Android contains both Java and native code. Code obfuscation makes it difficult for an attacker to understand the code, but does not prevent decompilation and modification on its own. In order to prevent that, Whatsapp developers should had used additional tools providing runtime self-protection.
how they are able to send messages to the official app
There are several ways to do so. First, is that indeed they could have modified the original app. Alternatively, they could have figured out the network protocol and implemented that in their app. As soon as the network protocol is clear, you don't have to have an original app anymore, unless it uses techniques to only authorize messages from the original app.