If the idea is that a call to https://brax.me/certcheck.php?url= will reply a certificate hash from the checked website, then surely there must be code existing in the app to know that brax.me is actually using the legitimate brax.me certificate. Elseway the MITM attacker can easily reply your app the fake hash as well and the app will give an OK and a false sense of security. I did not find SSL Pinning in the code to prevent this from happening.
If the idea is that a call to https://brax.me/certcheck.php?url= will reply a certificate hash from the checked website, then surely there must be code existing in the app to know that brax.me is actually using the legitimate brax.me certificate. Elseway the MITM attacker can easily reply your app the fake hash as well and the app will give an OK and a false sense of security. I did not find SSL Pinning in the code to prevent this from happening.