Thank you both for the very detailed answers.
About this: let's assume that I manage to reliably trust the X1 cert in my app. That should be enough if, in the future, my certs are signed by X2, if I serve the long chain containing the cross-signed X2 cert, correct?