if we store the certificate within the app and bundle it whilst being uploaded to the App Store/Play Store; what happens if the certificate expires?
You include a truststore in the app which contains the trusted CA root to validate SSL connection. If the root expires then your SSL connection will fail. It is the expected behaviour. You can ignore it (java - ignore expired ssl certificate), but then you are decreasing your security level, that was the main reason to include the trustore
Do we have to push another update with the renewed certificate bundled?
This action will solve the issue. Be aware that if you use a trusted CA (like verisign), the certificates have very long expiration time, so this is not going to be a common action. In fact you'll know well in advance when it expires
Or is there a mechanism to get the certificate updated within the mobile app?
I think it is possible to set a service to download the new trustore before the root CA expires, and use it in Android application with a custom trust manager
