Certificate pinning can be useful, especially in particularly sensitive areas. But I wouldn't expect it as a standard security practice. If anything I appreciate that it isn't done so that reverse engineers can thoroughly study the traffic on their own devices. I agree that it was odd that the article mentioned it more than a quick note, let along made a big deal out of it.