Android Budapest September 2025

Returning from a summer break, it's time for school - we mean... an Android Budapest meetup. At our September event, you can learn more about the technology and meet fellow mobile devs in person!

As usual, we’ll have two great talks to set the mood for the evening's conversations, exploring Compose Hot Reload 🔥 and JavaScript security issues with WebViews.

📜 Schedule:
18:00 - 18:30: Gathering and socializing
18:30 - 19:05: First talk
19:05 - 19:30: Break
19:30 - 20:00: Second talk
20:00 - : More socializing!

—

🔷 Blazing Fast UI Development with Compose Hot Reload - Márton Braun, JetBrains

When working on UI, you want to see the results of your code changes as fast as possible. Waiting for apps to rebuild and relaunch, then getting the app to the desired state again only gets in your way.

Compose Hot Reload is a new JetBrains project that gives you live updates after code changes when running a Compose app on desktop - so you can see and feel how your app’s behaviour changes, without having to relaunch it at all. And you even get to keep your existing state!

In this talk, we’ll experience coding with Compose Hot Reload enabled with exciting live demos, and also learn a bit about how it all works under the hood.

If your project doesn’t have a desktop target yet… it might just be time to add one!

🔷 Overcoming JavaScript-related Unsecurities in WebViews - Balázs Gerlei, Nevis Security

In my previous talk with a similar title from last year, I briefly discussed running JavaScript in Android WebViews, stating that it could be a talk of its own. Since then, multiple people have asked about this topic, so I decided to make it to further help overcome the insecurity one may feel when working with unsecured WebViews. It’s an often-cited suggestion that you should disable JavaScript to secure your WebViews, but what if you explicitly want to execute JavaScript?

The easiest way to run JavaScript on Android is to create a “headless” WebView (that is not visible). There are many traps to be aware of, including:
- Allowing remote code execution via Cross-Site Scripting (XSS)
- Unintended access to Android components
- Unintended access to files via WebResourceResponse or URI
- Leaking data through the JavaScript Bridge

I’ll describe and demonstrate such attacks and show you ways to mitigate and secure your app. You will learn the importance of fully controlling the JavaScript you execute, how to restrict access to native components, on-device data, and more.

—

🏢🍴 Thanks to Supercharge for hosting us in their office, and keeping us fed and hydrated throughout the event!

🚪 Doors open at 18:00 and the first talk starts at 18:30!

🗓️ The event is free but requires registration, so please RSVP here and don’t forget to update your response if it changes!

📸 We plan to take photos, so if you would not like to appear on them, please tell one of the organizers!

🎤 We are always looking for new presenters, so if you have an idea for a talk, please reach out to us at meetup@androidbudapest.com or submit at https://androidbudapest.com/talkidea!