@Thomas L Thank you for reaching out to us, As I understand you are looking to test the functionality of Azure AD/Microsoft Entra Certificate Based Authentication on the mobile devices by changing the user's password.
As per the documentation - https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-certificate-based-authentication-mobile-android what i see is CBA can be used to connect to
- Office mobile applications such as Microsoft Outlook and Microsoft Word
- Exchange ActiveSync (EAS) clients
No where in the documentation it is mentioned CBA can be used for SSPR. Also, I did review this section How each authentication method works where CBA is used as for Primary authentication.
However I will check with my in which scenario's we can test CBA functionality on the Mobile devices and keep you posted.