I spent a while reverse-engineering Clubhouse's API and what data they were sending, and even they use cert pinning. Most of the big apps all do.