blog vibe 

Viber Integrates ChatGPT into Its App and Violates the GDPR: Remotely Activated Artificial Intelligence Interferes with Conversations and Transcribes Content

As someone who has been working in online security and privacy for years, I’ve seen a lot. But the way Rakuten Viber launched the ChatGPT integration and secretly installed ChatGPT on users’ phones goes far beyond the usual boundaries of “user experience improvements.” Yet Viber is not an isolated case of abuse and brutal invasion of privacy.

 

ChatGPT: A Sleeping Cell in Viber

When a company secretly embeds a program like AI (ChatGPT) into an app and then activates it remotely, it makes you seriously wonder: Where have we ended up in terms of security and privacy? Who can even protect us from predators anymore, when public services can barely make their way through PDF forms?

Viber has recently and rather quietly activated ChatGPT within its popular app. It has become active on the phone and is a bit of a nuisance, especially for someone who values privacy. Interestingly, ChatGPT was already present on the device before the very latest updates, but it wasn’t active yet. Even if you haven’t updated Viber recently—or even a month ago—the AI was already there when you reached version 28.0, where it was first hidden within the app. But recently, they’ve activated it remotely, without the user’s knowledge or consent.

This isn’t a glitch—it’s a major problem.

 

What actually happened?

In the spring of 2026, I last updated Viber in May. Nothing new. Then, just recently, overnight, ChatGPT appeared in the app—a separate tab, the @ChatGPT option in chats, AI summaries, translations, message polishing, and image remixing. Without me pressing “Update” or “Enable AI.”

The feature was activated via a server-side rollout. This means: Viber remotely changed the app’s behavior without requiring users to download a new version. To me, this is a classic example of a silent push of new functionality.

 

Why is this problematic?

Lack of consent (opt-in)

ChatGPT enabled itself automatically. There was no “Do you want to enable AI features?” screen or clear notification. This is not an opt-in, but a forced opt-out. Under the GDPR, consent for data processing must be clear, informed, and given voluntarily. That was not the case here.

Sending Data to OpenAI

When you use any AI feature, Viber sends the content (messages, images, chat context) to a U.S. provider. Even if they say it’s “only what’s necessary” and “not for training,” this constitutes a transfer of personal data from the EU to the U.S.—without prior clear notification.

A private app becomes semi-public

Viber isn’t a toy. People use it for personal, business, family, and sometimes very sensitive conversations. When AI powered by an external provider is quietly inserted into such an environment, the boundaries of privacy shift without your knowledge.

“Everyone’s doing it” is no excuse

It’s true that WhatsApp, Telegram, Facebook, and others are doing similar things. But just because multinational corporations are doing something doesn’t mean it’s in line with the spirit of the GDPR. The European regulation was adopted precisely to curb such practices.

 

What can I do as a user?

  • Check your settings → Calls and messages and look for the “Disconnect ChatGPT” option (this feature doesn’t work as intended, so try it later—and repeat this 100 times or more).
  • You can request information from Vibra about what data they’ve sent to OpenAI regarding you (Data Subject Access Request).
  • If you’re not satisfied, file a complaint with the Information Commissioner (who, however, either doesn’t know much about this or doesn’t want to know much, and seems unhelpful).
  • Consider switching to apps with a stronger focus on privacy (e.g., Signal).

 

Bottom line

What happened with Viber isn’t a technical glitch. It’s a systematic approach by big tech companies: first we add features, then we ask for forgiveness (if at all). We’ve gotten used to apps “adding things” to our lives without asking. And that’s exactly why they can get away with it.

Privacy isn’t a given. If we don’t actively demand it, we’ll lose it bit by bit—one silent server-side update at a time. The question is, however, how would the predators who finance key decision-makers in democratic institutions react?


Have you also noticed ChatGPT suddenly appearing in Viber without an update?

Share your experiences in the comments. Together, we can more easily demand greater transparency.

This article is based on personal experiences and an analysis of GDPR requirements. It is not legal advice.

Related posts

Leave a Comment