We have implemented and successfully verified client side certificate checking with an iOS7 app and Apache server. The question is: is this enough to counter a MITM attack or should we also implement some kind of certificate check (like outlined here https://web.archive.org/web/20140217232458/http://www.inmite.eu/en/blog/20120314-how-to-validate-ssl-certificates-iOS-client )
No, but authenticating that the identity in the certificate is one that you want to talk to does. Only the application can do this. It is a much under-appreciated and much omitted requirement of systems using SSL.