If I understand correctly, Whitebox AES is a way of transforming decryption code to make impossible to recover the decryption key, even if you have access to the code.
But what's stopping someone from just separating the entire whitebox decryption function from your program and using it inside their program? They won't have the key, but they'll be able to decrypt any data and use it for whatever they want.
This is answered in the Whitebox AES paper. I've quoted the relevant section, which occurs on the second page:
A natural question is: if an attacker has access to executing decryption soft-ware itself, why worry about preventing secret-key extraction --- the attacker could simply use the software and platform at hand to decrypt ciphertext or access plaintext. The answer (see also section 2.2) is that our techniques are targeted mainly at software-based cryptographic content protection for Internet media, rather than at more traditional communications security. In such applications, the damage is relatively small if an attacker can make continued use of an already-compromised platform, but cannot extract keying material allowing software protection goals to be bypassed on other machines, or publish keys or software sub-components allowing `global cracks' to defeat security measures across large user-bases of installed software. Our solutions can also be combined with other software protection approaches, such as node-locking techniques tying software use to specific hardware devices.
Their argument is essentially that key extraction can allow you to completely break DRM for all users in a way that "stealing the whitebox" would not. I believe famous DRM breaks (say against the PS3) involved key extraction, so their claim may have been justified by history.