Certificate pinning is relatively easy to disable on jailbroken iOS devices and rooted Android phones. I'm not highly technical and I did it myself to sniff Snapchat traffic 2 years ago. Any half competent security researcher should be able to do this trivially.