You must love #Android deeplinks! They are the easiest way to get bounties
1. Decompile an app with jadx
2. Collect all deeplink handlers from AndroidManifest.xml, they look like <data android:scheme="airbnb" android:host="d"/>
4. You could find a lot of hardcoded urls like airbnb://d/openurl?url=https:// airbnb.com/blabla. That's much simpler than learning app's sources
That's how I found hackerone.com/reports/401793 and earned $7.5k