You might need to explain how a VPN solves the certificate pinning issue; the author is already modifying the phone's HTTP/S traffic via a proxied network connection, and a VPN doesn't (to my knowledge) allow you to forge valid HTTPS responses using the pinned server certificate.
Sorry, should have clarified: instead of faking the response, you can connect to Apple’s servers through a US proxy. They will see you have a US IP address and return the corresponding ___location code, all over properly signed HTTPS.
There are a few caveats (e.g. using a residential or mobile proxy would look less suspicious, in case Apple looks out for datacenter IP ranges), but I think it should work.
You don't need to modify the HTTPS traffic. You get a VPS that is in the US, and set the device up so that when it requests the ___domain (gspe1-ssl.ls.apple.com) that the IP address returned is not an Apple IP address, but the VPS IP.
The VPS simply forwards traffic on port 443 to gspe1-ssl.ls.apple.com.
