Are software "Easter eggs" safe?
Easter egg hunts are a favorite activity for kids and adults alike, and on Easter Sunday, backyards, church grounds and even the White House will host their own competitions. Cyberspace has its own Easter eggs (a hidden message in software applications), and the hunt for them is just as fun as for real eggs. I asked Filip Chytrý, a researcher in the avast! Virus Lab specializing in mobile malware, about his favorite Easter eggs.
"I hate boiled eggs," Chytrý joked, "but revealing Easter eggs in applications is pretty fun especially if you just have a clue, but don’t have any idea where to start."
Can Easter eggs be malicious?
We're not too keen on hidden code that no one knows about here at AVAST, so I thought it was a good question. Filip explained that to successfully make an Easter egg, the programmer has to hide the surprise from his fellow team mates and his employer, as well as the end user. It occurred to me that if programmers can hide fun things, it's not a huge leap to hiding malicious things. Backdoors, for instance?
"We have not seen an Easter egg that might be considered as malware. There are plenty of original apps for Android which are modified to distribute malware by adding some kind of a downloader, but it's without the user's interaction. Easter eggs have remained harmless; Android apps - not so much," said Chytrý.
Are there Easter eggs in mobile software?
"There are Easter eggs in the latest versions of Android," said Chytrý. "To access the Easter egg in your device, open the settings screen and tap About phone at the bottom of the screen. Locate Android's version number on the about screen and quickly tap it several times."
It worked with Android KitKat on my Nexus 4, but may not work in the modified OS of some device distributors. Find out how to access older Android OS Easter eggs.
Here are some other Easter eggs for you to play with. Share ones that you know in the comments below.
Filip Chytrý and his colleague, Peter Kálnai, will be speaking about mobile malware at the CARO Conference in May. "Like I stated in the blog post about CARO, the amount of mobile threats are rising and more sophisticated attacks appear every day," said Chytrý. "We suggest that you protect your Android devices with good antivirus software."
Easter special on avast! Premium Mobile Security
Starting now, you can get 2 years of premium protection when you buy only 1 year. Download the free version of avast! Mobile Security from Google Play, and look for the special offer on the screen.
Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.
Android owners with Avast Mobile Security can now use remote controls to find lost or stolen phones, and even get a picture of the thief in the process.
Mobile malware authors are once again trying to circumvent antivirus detections by using a sandbox.