2. I don't keep my sources closed, I did publish them on xda-developers[1], but they've changed things around a lot since then and the links in my post broke. I need to reupload them somewhere. I avoid lawsuits by not being related to the US in any way whatsoever. And either way I don't think patching someone else's code is illegal, especially since no DRM is circumvented in the process. Making "get an official apk first" the first step, instead of distributing decompiled smali files, probably also helps.
> If you wanted to open source how you patched Instagram, how would you avoid lawsuit?
Operate as if you were operating an underground drug marketplace or worse. If those technologies are able to thwart international law enforcement investigations, they're definitely strong enough to protect you from Facebook, not to mention that nobody will burn a zero-day to make Big Advertising happy when that zero-day can be better used to take down multimillion-dollar drug marketplaces (or worse).
If clearnet infrastructure is needed, put it in a country that gives the middle finger to the US. Being located there is also a huge bonus.
Alternatively, support copyright reforms and campaigns for privacy laws and their enforcement (which is currently lacking when it comes to the GDPR), so that such projects become unnecessary. In the meantime, don't use such services as much as possible.
2. If you wanted to open source how you patched Instagram, how would you avoid lawsuit?