CPCC App APK events reverse engineering

#get the APK [Note that it is 70MB]
#https://play.google.com/store/apps/datasafety?id=com.subsplashconsulting.s_TRHJMF&hl=en_US&gl=US
#also note this app wants permissions for location, camera, contacts, and other it does not need
#and according to google play this app collects data, including those above and more and
#shares them with third parties
https://m.apkpure.com/center-point-naples/com.subsplashconsulting.s_TRHJMF/download

#install the APK
adb install cpcc.apk

#run the follow and then start the app and start browsing the app
adb shell logcat|grep http

#notice that there is a lot of subsplash.com
#narrow the search down with
adb shell logcat|grep "subsplash.com"

#one interesting link is the "event-list"
#it's json
wget "https://feeds.subsplash.com/api/v1/event-list/a03aad55-5a0d-4f82-bf6d-bef7cac7c499" -qO-|jq .

#let's get just the urls listed in the json that are "events"
wget "https://feeds.subsplash.com/api/v1/event-list/a03aad55-5a0d-4f82-bf6d-bef7cac7c499" -qO- |jq .|grep url|grep event|cut -d\" -f4

#Maybe just use jq to be neat about it
wget "https://feeds.subsplash.com/api/v1/event-list/a03aad55-5a0d-4f82-bf6d-bef7cac7c499" -qO- |jq -r '.items[].actions[].url'

#ok, each one of those is more json,
#but the urls within that are webpages
#let's just loop through each one and open the url

eventlist="https://feeds.subsplash.com/api/v1/event-list/a03aad55-5a0d-4f82-bf6d-bef7cac7c499"
wget "$eventlist" -qO- |jq -r '.items[].actions[].url'|while read event;
do
  url="$(wget -qO- "$event"|jq -r '.actionSheet.items[0].actions[].url')"
  xdg-open "$url"
done

#lets view it as a list
wget "$eventlist" -qO- |jq -r '.items[]|(.title +","+  .actions[].url)'

#lets use that to select and open that event's page
event="$(wget "$eventlist" -qO- |jq -r '.items[]|(.title +","+ .actions[].url +","+.date)'|fzf|cut -d\, -f2)"

url="$(wget -qO- "$event"|jq -r '.actionSheet.items[0].actions[].url')"
xdg-open "$url"