By pinning the cert, the inspection of the protocol wouldn't have been possible the first place, since the app would reject fiddler's SSL cert. The tinder APK would only contain the information needed to verify the cert, not generate a valid one. If this wasn't the case, SSL would be useless.
Then you crack the app and bypass the auth check. App continues to talk to server, you continue to document the api. Or hook a debugger into the app and watch what network calls it makes. The only real solution would be to do sanity checks on the server.
