Basically, that cert pinning is an excellent and practical way to opt out of trusting the CA system on mobile phones. They link to a detailed guide of how to do this on many systems, including Android.
Cert pinning for third party services, like Google Analytics, is maybe more tricky, but also very worthwhile.
The Reset the Net campaign makes some great points in this post about securing mobile apps:
http://resetthenet.tumblr.com/post/84327981750/how-we-secure-our-phones-ssl-cert-pinning-pfs
Basically, that cert pinning is an excellent and practical way to opt out of trusting the CA system on mobile phones. They link to a detailed guide of how to do this on many systems, including Android.
Cert pinning for third party services, like Google Analytics, is maybe more tricky, but also very worthwhile.