Καλημέρα Κωνσταντίνε,
Based on what you describe either HikaShop is doing something wrong or the mobile web browsers do something they shouldn't.
Please go to Components, Admin Tools, Web Application Firewall, Configure WAF, Request Filtering and check the "CSRF/Anti-spam form protection (CSRFShield)" setting.
If it was set to Basic then the problem is that HikaShop does not include an anti-spam CSRF token in the checkout page. Not including a CSRF token in a form is all shorts of wrong. A form lacking a CSRF token can be used to trick users or, more simply, allow a bot to very quickly overwhelm your site with fake orders. I would report that as a medium level bug to the developer. In the meantime set this to No to prevent this issue from occurring during mobile checkout.
If it was set to Advanced the problem is with the mobile browsers. The "Advanced" setting includes a hidden text field in the form with an unintelligible name. If this field is not empty when the form is submitted we block the request. The idea is that the field is hidden i.e. a human cannot see and fill it in. Only a bot would try to fill it in. Some browsers' form detection may try to fill it in with unrelated information they think should be part of a checkout form, causing the problem. In this case there's nothing you can do except set the CSRF protection setting to Basic or No.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!