I've said it up-thread, but never ever never never pin to anything public. Don't do it. It's bad. You, and even the CA have no control over the certificates and cannot rely on them remaining in any way constant. Don't do it. If you must pin, pin to private CAs you control. Otherwise, don't do it. Seriously. Don't.
There's not really a better option if you need your urls to work with public browsers and also an app you control. You can't use a private CA for those urls, because the public browsers won't accept it; you need to include a public CA in your app so you don't have to rely on the user's device having a reasonable trust store. Including all the CAs you're never going to use is silly, so picking a few makes sense.
You don't need both of those things. Give your app a different url.
Why should I trust a CA that has no control over the certificate chains?
Because they operate in a regulated, security industry where changes happen - sometimes beyond their control?
Repeating it doesn’t make it any more true. Cert providers publish their root certs, you pin those root certs, zero problems.
Then the CA goes away, like Entrust. Huge problems. I speak (sadly) from experience.
They rotate those often enough.