Java Serialization? SRSLY?

It’s 2013, and I still see questions crop up about using Java serialization to pass data between an Android app and a Java-based server.

And here I thought Java serialization had died a well-deserved death some time ago.

Pro tip: Do not use language- or platform-specific serialization when you do not completely control the readers and writers of that serialized data.

So, for example, using Java serialization to pass data from a Java Web service to a Java job queue manager is reasonable, if you wrote both or otherwise have confidence that you can control what JVMs they run on. JVMs are supposed to have compatible serialization structures, even across JVM versions, but there are always possible bugs. Bear in mind, too, that the serialized stream embeds each class's name and serialVersionUID, so the reader needs a matching class definition on its classpath or readObject() fails with an InvalidClassException. Having control over the environment, though, means that you can force both sides to run the same JVM version and the same class definitions if that proves necessary.

But using Java serialization to go between your server and a mobile environment?

First, Android’s Dalvik VM is not a JVM. While there has been some effort to make Dalvik’s versions of the core classes serialization-compatible with their JVM counterparts, there is a far greater chance of issues. There are even some known issues in this area, such as those surrounding TimeZone.

Second, what happens when you decide that you want to support mobile platforms other than Android? While Java serialization may be convenient for Java, it is very inconvenient for non-Java. What are you going to do for Objective-C, C#, JavaScript, etc.?

Third, what happens when you decide that you need to re-implement your server infrastructure, and you elect to go with something other than Java? Once again, Java serialization is no longer your friend. Getting all the users to upgrade to some new app with some new serialization mechanism, or getting your non-Java server to serve up Java serialized data, will be a significant problem.

If there were no decent options other than Java serialization, then perhaps these costs could be worthwhile. But, from hand-rolled JSON and XML, through protobuf, Apache Thrift, and beyond, there are any number of platform- and language-neutral object serialization formats. Use one of those, over Java serialization, to give yourself greater freedom on both ends of your communications pipe.
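To make the contrast concrete, here is an added example (not code from the original post) that serializes the same trivial object both ways. It dumps the leading bytes of the Java stream, where the magic number, the class name and the serialVersionUID are all baked in, then simulates the other end having been compiled with a different serialVersionUID by flipping one byte of the embedded UID and reading the stream back. The `Point` class, its field names and the byte offsets are assumptions for the demonstration; the offsets follow the Java Object Serialization Stream Protocol.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;

public class SerialDemo {
    // Hypothetical payload of the sort people pass between an app and a server.
    static class Point implements Serializable {
        private static final long serialVersionUID = 1L;
        int x;
        int y;
        Point(int x, int y) { this.x = x; this.y = y; }
    }

    static byte[] javaSerialize(Point p) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(p);
        }
        return bos.toByteArray();
    }

    static Point javaDeserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return (Point) ois.readObject();
        }
    }

    // Hand-rolled JSON: no class name, no serialVersionUID, readable from any language.
    static String toJson(Point p) {
        return "{\"x\":" + p.x + ",\"y\":" + p.y + "}";
    }

    static String hex(byte[] b, int len) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < len && i < b.length; i++) {
            sb.append(String.format("%02x ", b[i]));
        }
        return sb.toString().trim();
    }

    public static void main(String[] args) throws Exception {
        Point p = new Point(3, 4);
        byte[] stream = javaSerialize(p);

        // Stream layout: AC ED 00 05 (magic, version), 73 (TC_OBJECT), 72 (TC_CLASSDESC),
        // 2-byte length + modified-UTF-8 class name, 8-byte serialVersionUID, flags, fields ...
        System.out.println("Java stream (" + stream.length + " bytes): " + hex(stream, 32) + " ...");
        System.out.println("JSON: " + toJson(p) + " (" + toJson(p).length() + " bytes)");

        // Simulate a reader whose copy of Point was built with a different serialVersionUID
        // (a different VM computing a different default UID, or a code change on one side):
        // flip a bit in the UID that ObjectOutputStream embedded in the stream.
        int nameLen = Point.class.getName().getBytes(StandardCharsets.UTF_8).length;
        int uidOffset = 4 + 1 + 1 + 2 + nameLen;   // magic+version, TC_OBJECT, TC_CLASSDESC, length, name
        byte[] tampered = stream.clone();
        tampered[uidOffset + 7] ^= 0x02;           // serialVersionUID 1 becomes 3

        Point ok = javaDeserialize(stream);
        System.out.println("Same class on both ends: (" + ok.x + "," + ok.y + ")");
        try {
            javaDeserialize(tampered);
            System.out.println("Unexpected: mismatched descriptor was accepted");
        } catch (InvalidClassException e) {
            System.out.println("Mismatched class descriptor: " + e.getMessage());
        }
    }
}
```

Compile and run it with `javac SerialDemo.java && java SerialDemo`. The first line of output shows why a C#, Objective-C or JavaScript client cannot simply consume the stream: it would have to implement Java's wire protocol and know the name `SerialDemo$Point`. The last line shows the compatibility failure mode the post describes, surfacing as `InvalidClassException` with the two serialVersionUIDs in the message. Separately, note that the server-side `readObject()` call instantiates whatever `Serializable` classes the incoming stream names, so a server accepting Java serialization from phones in the field is deserializing untrusted input, which is one more reason the advice above about controlling both ends matters.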