Checking the referer is method of CSRF prevention. If an attacker forces a victim's browser into performing a POST or GET request using JavaScript/HTML/Flash, then the referer value will either be blank or URL where the attacker's CSRF exploit originated from. In any case, an attacker cannot set the referer to be https://mysite.com/
in a CSRF exploit, so this check helps mitigate the attack.
Setting the HTTP referer in an iOS app has absolutely zero security impact.