I would like to make secure calls from Android and iOS mobile apps to my backend servers. The backend servers have wildcard certificate that work well for web browsers, both desktop and mobile.
Can I use the same certificate I use to secure web browsing for HTTPS calls from a mobile app? Is there a list of trusted certificates authorities for Android and iOS?
If it works for web browsers, it ought to work just as well for anything else. The certificate trust chain is part of the Public Key Infrastructure, which is typically implemented as part of the OS, not the browser. The trusted root certificates are embedded as part of the OS distribution and are used by all programs which want to use it.
An application can of course decide to use its own list of root certificates and may therefore have a different list than another application, but in practice this is rarely an issue. Since the certificate authorities are themselves responsible for getting their root certificate into popular distributions, they will typically advertise which platforms they are guaranteed to work on as well.
