Yes, you would still need some form of security around the connection to the server that provides you the pins to use. Of course this could be a pin itself or a hash calculated using a public/private key pair with the public key stored in the app. Personally, I think its a huge challenge to get this right.

Matt Dolan has been eating doughnuts and developing with Android since the dark days of v1.6.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store