I suspect that this would be a "perfect is the enemy of good" type of situation w.r.t. native apps. Key pinning is certainly the preferable solution for native apps, but defaulting to at least the security properties provided by the Web PKI (which, obviously, isn't perfect, but is a significant hurdle for an attacker) still makes sense. I mean, we've had plenty of reports of various mobile apps not getting certificate validation right in the last couple of years; imagine what the situation would be like if TLS backed by the Web PKI weren't the default. How many apps would even bother to implement pinning, and how many would get it right?
I think defaulting to the Web PKI and strongly encouraging use of key pinning (with good tooling, etc.) is the right approach here.
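To make the "Web PKI by default, pinning on top" layering concrete, here is an added Python example (not code from the commenter or from any project mentioned above). It uses the HPKP/RFC 7469 pin format, base64 of SHA-256 over the DER-encoded SubjectPublicKeyInfo, and treats the pin check as a refinement applied only after normal chain validation has already passed. The SPKI byte strings are constructed placeholders, not real keys; in a real app you would extract them from the validated chain (e.g. with the `cryptography` package: `cert.public_key().public_bytes(Encoding.DER, PublicFormat.SubjectPublicKeyInfo)`). The function names and the two-pin minimum are this example's own choices.

```python
"""Added example: SPKI pinning layered on top of standard Web PKI validation."""
import base64
import hashlib
from typing import Iterable, Sequence


def spki_pin(spki_der: bytes) -> str:
    """base64(SHA-256(DER SubjectPublicKeyInfo)), the RFC 7469 pin encoding."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def check_pins(chain_spki_ders: Sequence[bytes], pins: Iterable[str]) -> bool:
    """
    True if any certificate in the already PKI-validated chain matches a pin.

    Matching anywhere in the chain lets an app pin to an intermediate or root
    rather than the leaf, so routine leaf rotation does not break clients.
    """
    pin_set = set(pins)
    if len(pin_set) < 2:
        # One pin and a lost key means every installed client stops working;
        # insist on a backup pin for a key held offline.
        raise ValueError("at least two pins (one backup) are required")
    return any(spki_pin(der) in pin_set for der in chain_spki_ders)


def accept_connection(pki_validation_ok: bool,
                      chain_spki_ders: Sequence[bytes],
                      pins: Iterable[str]) -> bool:
    """Pinning narrows the set of acceptable chains; it never replaces PKI checks."""
    if not pki_validation_ok:
        return False
    return check_pins(chain_spki_ders, pins)


# Constructed sample SPKI blobs (placeholders, not real DER or real keys).
LEAF_SPKI = b"constructed-leaf-spki-placeholder"
INTERMEDIATE_SPKI = b"constructed-intermediate-spki-placeholder"
BACKUP_SPKI = b"constructed-offline-backup-key-spki-placeholder"
ROGUE_SPKI = b"constructed-spki-from-a-mis-issued-cert"

# Pin the intermediate plus an offline backup key, not the leaf.
PINS = [spki_pin(INTERMEDIATE_SPKI), spki_pin(BACKUP_SPKI)]


def demo() -> dict:
    """Run the three cases a practitioner cares about and return the verdicts."""
    legit_chain = [LEAF_SPKI, INTERMEDIATE_SPKI]
    # A chain that the Web PKI would accept (valid CA signature) but whose
    # keys are not in the pin set, e.g. a mis-issued certificate.
    rogue_chain = [ROGUE_SPKI, b"constructed-other-ca-spki"]
    return {
        "legit_pki_ok": accept_connection(True, legit_chain, PINS),
        "rogue_pki_ok": accept_connection(True, rogue_chain, PINS),
        "legit_pki_failed": accept_connection(False, legit_chain, PINS),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {'accept' if verdict else 'reject'}")
```

The order of checks is the point: a chain that fails Web PKI validation is rejected before pins are consulted, and a chain that passes PKI validation but carries keys outside the pin set (the mis-issuance case pinning exists to catch) is also rejected, so pinning only ever removes chains from the accepted set.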