Ashley King writes about an experience with bug bounty:
“Whilst working on the Facebook Bug Bounty Program in June 2018 we had identified an issue with the webview component used in the Facebook for Android application. The vulnerability would allow an attacker to execute arbitrary javascript within the Android application by just clicking a single link.
“I was able to execute this at 3 different end points before we concluded the issue was primarily with the webview component rather than just the reported end points themselve. After going back and forth with the Facebook security team they quickly patched the issue and I was rewarded with $8500 under their Bug Bounty Program.”
https://ash-king.co.uk/facebook-bug-bounty-09-18.html?fbclid=IwAR1D47yyW9B6YadOcF3PxrwxHiQiySEhFzqijNQMKMjwuv1eSzz8OuVZBzc
Have you checked out the bug bounty opportunities? You don’t necessarily have to be a code wizard to try this; victory goes to the person who notices the right thing. Read the article linked above to see how Ashley did it.