hey, when using self-signed SSL cert and hardcoding...
# random
u
hey, when using a self-signed SSL cert and hardcoding it in the APK, so it's the only one in the trust manager, does it make sense to implement public key pinning via the OkHttp certificate pinner? isn't it the same thing?
m
AFAIK they are not the same; they are listed as different security methods here: https://developer.android.com/training/articles/security-ssl Here is a very exhaustive article about pinning: https://medium.com/@appmattus/android-security-ssl-pinning-1db8acb6621e
u
right, but aren't pins ultimately calculated from certificates? so if I trust only 1 cert, isn't that effectively the same?