Due to the fact that Android stores WhatsApp conversations on External memory, hackers need to remotely access the External memory through another app and Then they need a place to store the WhatsApp database, preferably a webserver. Then they need to put a malicious Android app on the user's phone; this malware will download the WhatsApp database onto the server.
Lately WhatsApp made a security update using encryption to encrypt the database, so it can no longer be opened by SQLite. But Bosschert outlined that it He simply decrypt this database using a simple python script. This script converts the crypted database to a plain SQLite3 database.
On Android, any app that has full access to the smartphone and can access data from other apps and upload it to third parties But this brings up, yet again, lingering questions about Android infrastructure.
By comparison, Apple doesn't allow access to data outside of an app's own sandbox, which stops malicious developers from tinkering with your data through a dummy app, as described above.