There is a way to self-xss in the mobile app (made on Android)
- Open dm with anybody (myself in my case)
- Send "<img src=x onerror=alert(1)>"
- It alert : "1"
(Reopen the DM doesn't reexecute the script, it only work on the sender at the sending)
It maybe can be injected with other way