We require certificate pinning between the phone app and the authentication server. [Pinning is the process of associating a host with their expected X509 certificate or public key.]
Once a certificate or public key is known or seen by a host, the certificate or public key is associated or ‘pinned’ to the host.
The integrity of data sent from the phone app to the authentication server is verified with a digital signature for the data packets sent over the encrypted connection. [A digital signature is an authentication mechanism that enables the creator of the message to attach a code that acts as a signature.]