Neat! But certificate pinning (or rather, CA pinning) inside app binaries is getting more common. Is there any way around that with mitmproxy?



Is there a way around that at all without modifying the binaries?


You can also jump the right if statement during runtime, but yeah, you are still modifying the program's execution rather than something on the outside. That's the whole point of TLS: both parties know their connection is secure. So I'd say "no, there is no other way, other than by finding a vulnerability in TLS".


If the app uses the system TLS libraries for comparing certificates, you could just make the appropriate API always return "true". In-memory patching avoids affecting anything else.


I don't expect so, I guess I'm wondering if the mitmproxy community has any insight into what they'd do to the binaries.


Last time I did this, I had to reverse the binaries and remove the cert pinning code. There are a few examples of this around the place, but it can get fairly complex pretty quickly.



There are some Frida scripts running around for this purpose. However, I don't have any personal experience with them, so I have no idea how reliably they work.