Hamburger menus are like malware Hamburger menus are like malware

Hamburger menus are like malware

I assume you are familiar with the icon below.

Hamburger menu icon

It's the iconic (heh) hamburger menu icon, and there is already plenty of discussion on why they should be more carefully considered before implementation. What interests me is that using a hamburger menu, which hides navigation behind a box and rarely considers the current state when showing the possible places to go next, is effectively the same as what malware writers do to make an analyst's job harder.

The Control-Flow Graph (CFG) of a section of non-obfuscated malware might look like this, which depicts some branching and looping.

In comparison, below is a flattened version of the above CFG that some obfuscated malware might produce. This is difficult to analyse because the state of the application does not affect the number of possible branches, and it is unclear what branches lead to what other branches. Hamburger menus are essentially this, a box that will let you go anywhere, but where most places are not where you are interested in going.

I'm not saying that hamburger menus are terrible and should never be used, but the above graph is much nicer, no?