Inner classes have access to all the fields of their surrounding class, making them a source of leaked capabilities and of leaked data. There is no bytecode support for inner classes, so they are compiled into ordinary classes with names like OuterClass$InnerClass. So that the inner class can access the private fields of the outer class, the private access is changed to package access in the bytecode. For that reason, handcrafted bytecode can access these private fields (see âSecurity Aspects in Java Bytecode Engineeringâ \[[Schoenefeld 04|AA. Bibliography#Schoenefeld 04]\] for an example). | 