Strictly speaking, a private API is a callable function which is not documented as a public API. If you expose an API to the user/customer, you have to decide which functions are supposed to be called and for those public functions document them. As soon as you declare a function "public" you also have to make certain guarantees about them working, and ensure they continue to work as intended into the future.
Private functions are residing in the same libraries as the public ones, so depending on the language used, it takes a little bit more or less effort to find out about them and call them, but they are not intended to be used from the outside. Often enough, it is just because no one wants to document them or guarantee for future compatibility. But private functions are not as rigorously tested as public ones, or not for all use cases. Also, the caller can only guess how they are supposed to work, this directly leads to security implications, the call could screw up or just crash the device. So it is quite understandable, that calling private functions is discouraged by software companies.
Apple forbids the usage of private APIs in their app store guidelines. f.lux worked around this "limitation" by loading the binary code which did the private calls after being installed by the user - which is also against the app store guidelines. So they overstepped the rules on two accounts which caused the ban.
Private functions are residing in the same libraries as the public ones, so depending on the language used, it takes a little bit more or less effort to find out about them and call them, but they are not intended to be used from the outside. Often enough, it is just because no one wants to document them or guarantee for future compatibility. But private functions are not as rigorously tested as public ones, or not for all use cases. Also, the caller can only guess how they are supposed to work, this directly leads to security implications, the call could screw up or just crash the device. So it is quite understandable, that calling private functions is discouraged by software companies.
Apple forbids the usage of private APIs in their app store guidelines. f.lux worked around this "limitation" by loading the binary code which did the private calls after being installed by the user - which is also against the app store guidelines. So they overstepped the rules on two accounts which caused the ban.