To build a Dapp based on verifiable data from real-world devices like Pebble Tracker, you are supposed to just fetch the device data you need from the Real-world Data Oracle network (using the dedicated GraphQL endpoint) and send it to your Dapp contract.
Finally, your Dapp will fetch the data messages from the GraphQL endpoint of the Real-world Data Oracle network, based on the device IMEI/Owner account, and use them for the frontend and the smart contract logic.
When fetching device data from the TruStream network, that data has already been verified in a decentralized way (i.e. the data has not been tampered with and the device that signed the data was actually a Pebble Tracker shipped by IoTeX).
However, depending on your Dapp, you have 2 options:
You (and your users!) trust your backend and the Data Oracle endpoint, so you consider the data "trusted" when it's received in your Dapp smart contract.
You do not trust your backend and/or the Data Oracle endpoint, and you re-verify the device data upon reception in your contract