☕ Java Advanced

What is Java Serialization?

Why Interviewers Ask This

Senior Java engineers are expected to reason about architecture, performance, and edge cases. This question separates mid-level from senior candidates by testing deep system-level understanding.

Answer

Serialization is the process of converting an object's state into a byte stream for storage (file, database) or transmission (network). Deserialization reconstructs the object from that byte stream. A class must implement java.io.Serializable (a marker interface with no methods) to be serializable. The serialVersionUID is a version identifier: if the class changes and its UID no longer matches the one recorded in the serialized data, deserialization throws an InvalidClassException. Mark fields with transient to exclude them from serialization (e.g., passwords, cached values). Security warning: Java serialization has known vulnerabilities (deserialization gadget chains), so prefer modern alternatives such as JSON (Jackson, Gson) or Protocol Buffers for data exchange.
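An added example, not part of the original answer, that puts the three points together: an explicit serialVersionUID, a transient secret that is dropped from the stream, and deserialization restricted with java.io.ObjectInputFilter (JDK 9+) so that only allow-listed classes are reconstructed. The User and Untrusted classes are constructed for this illustration.

```java
import java.io.*;

// Constructed for this example: a serializable class with a versioned layout
// and a secret that must never reach the byte stream.
class User implements Serializable {
    // Explicit UID: if the class layout changes without updating it, or a stream
    // carries a different UID, readObject() throws InvalidClassException.
    private static final long serialVersionUID = 1L;
    final String name;
    // transient: not written to the stream, so it is null after deserialization.
    transient String password;
    User(String name, String password) { this.name = name; this.password = password; }
}

// Constructed stand-in for any class the application never expects to receive.
class Untrusted implements Serializable {
    private static final long serialVersionUID = 1L;
}

public class SerializationDemo {
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(o); }
        return bos.toByteArray();
    }

    // Allow-list only User and JDK base-module classes, cap object-graph depth,
    // and reject every other class before its object is ever instantiated.
    static Object deserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter =
            ObjectInputFilter.Config.createFilter("User;java.base/*;maxdepth=5;!*");
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            ois.setObjectInputFilter(filter);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Round trip: name survives, password does not (transient).
        User u = (User) deserialize(serialize(new User("alice", "s3cret")));
        System.out.println(u.name + " / password=" + u.password);

        // A class outside the allow-list is refused with InvalidClassException.
        try {
            deserialize(serialize(new Untrusted()));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The filter string is evaluated left to right, so the trailing `!*` only applies to classes not already matched; in a real service the allow-list would name the application's own DTO classes instead of `User`.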

Common Mistake

Candidates often give textbook answers here. Interviewers are more impressed when you relate the concept to a specific problem you solved in a real Java project.