Developers have long used Java's internal APIs because they are easily available. Much of this stems from the way the JDK has been developed: it lets developers reach various APIs that are not meant for external use through a simple import.
These APIs could not be hidden from developers without also cutting off access for the JDK maintainers. Time and again, Java has asked developers to stop calling its internal APIs, but to no avail. Now Mark Reinhold, the chief architect of the Java Platform Group at Oracle, has stated that Java is capable of restricting access to classes such as GC, Unsafe and BASE64Encoder.
During the Oracle Code One conference, Reinhold stated, “The JDK [Java Development Kit] has many internal APIs that were never meant to be used by external tools.” He went on to say, “For decades, we’ve been warning developers against using them. They’ve done so anyways.”
Further, Reinhold believes that the restriction is justified from a platform security point of view. “Of the six high-impact zero-day vulnerabilities reported since JDK 7 in 2011, three of them would have been prevented if we were able to encapsulate Java’s internal APIs,” Reinhold said. It is therefore important for Java developers and administrators to consider the most common vulnerabilities when writing and deploying Java applications.
A few days back, the platform authorities stated that because Java code is cross-platform, OS-level security frameworks will not always be sufficient to keep applications safe. Some of the common security issues are SQL injection, Java LDAP injection, cross-site scripting and so on.
Security, then, is one of the many factors that encouraged Reinhold to appeal to programmers and writers. It is not the only reason, however. Reinhold stated, “Starting with JDK 9, if your code uses Java internal APIs, it will not compile, and it may generate warnings at runtime. In future, it will not run.”
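
To find out whether a code base is affected, the imports described above can be checked mechanically. The following is an added example, not code from Oracle or from the original article: a small scanner that flags imports of internal packages in Java source text. The class name `InternalApiImportCheck`, the prefix list (`sun.` and `jdk.internal.`) and the sample source are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class InternalApiImportCheck {
    // Assumption for this example: packages under these prefixes are JDK-internal.
    static final List<String> INTERNAL_PREFIXES = List.of("sun.", "jdk.internal.");

    // Matches "import a.b.C;", "import a.b.*;" and "import static a.b.C.m;"
    // when the statement starts a line, so commented-out imports are skipped.
    static final Pattern IMPORT = Pattern.compile(
            "^\\s*import\\s+(?:static\\s+)?([\\w.]+(?:\\.\\*)?)\\s*;", Pattern.MULTILINE);

    /** Returns the imported names in the source that fall under an internal prefix. */
    static List<String> findInternalImports(String source) {
        List<String> hits = new ArrayList<>();
        Matcher m = IMPORT.matcher(source);
        while (m.find()) {
            String name = m.group(1);
            if (INTERNAL_PREFIXES.stream().anyMatch(name::startsWith)) {
                hits.add(name);
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        // Constructed sample source, not taken from any real project.
        String sample = String.join("\n",
                "package demo;",
                "import java.util.List;",
                "import sun.misc.BASE64Encoder;",
                "import sun.misc.Unsafe;",
                "// import sun.misc.GC;",
                "import java.util.Base64;",
                "class Demo {}");
        for (String name : findInternalImports(sample)) {
            System.out.println("internal API import: " + name);
        }
        // Supported replacement for sun.misc.BASE64Encoder (available since Java 8).
        byte[] data = "demo".getBytes(StandardCharsets.UTF_8);
        System.out.println(Base64.getEncoder().encodeToString(data));
    }
}
```

For compiled classes, the JDK's own `jdeps --jdk-internals` tool performs this kind of analysis and suggests replacements where they exist.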