I'm pretty sure you're OK as long as the phone is still verifying that the CA signing the received key is known. (You could test this with a self-signed certificate.)
The EV bar doesn't provide any better crypto; it's just a set of tags on the cert indicating the issuee has undergone extra offline validation. Each CA that can issue EV certs has its own tag, so it's not like someone could make a CA and sign with the EV tags.
Wildcard-wise, wildcards only work for one level of subdomain and not on EV certs.
SSL interception needs you to inject a root CA certificate into the client. The proxy generates a new certificate signed by the fake CA when something is requested, pushes that behind the client, then stitches the two sessions together. The only way the client knows is that the certificate is signed by a different CA. I've done this as part of a web filter at a large company; we needed to use Microsoft Group Policy to push out that key. It can work transparently or with the browser having configured a proxy. But without the client having the proxy's CA in the certificate store, all certs look broken.
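
The one-level wildcard rule mentioned in the comment above, as an added example that is not part of the original post: a hostname matcher in which `*` stands for exactly one left-most label. The function names and the sample SAN list are constructed for illustration; rejecting partial-label wildcards such as `f*.example.com` and two-label patterns such as `*.com` is a simplifying assumption modelled on common client behaviour.

```python
def _labels(name):
    """Lower-case a DNS name, drop one trailing dot, split into labels."""
    name = name.strip().lower()
    if name.endswith("."):
        name = name[:-1]
    return name.split(".")


def wildcard_matches(pattern, hostname):
    """Return True if the certificate name `pattern` covers `hostname`."""
    p, h = _labels(pattern), _labels(hostname)
    if "" in p or "" in h:
        return False              # empty label: malformed name
    if any("*" in label for label in h):
        return False              # a requested hostname never contains '*'
    if not any("*" in label for label in p):
        return p == h             # no wildcard: exact, case-insensitive match
    # The wildcard must be the whole left-most label and appear nowhere else.
    if p[0] != "*" or any("*" in label for label in p[1:]):
        return False
    if len(p) < 3:
        return False              # assumption: refuse "*.com" style patterns
    # '*' replaces exactly one label, so the label counts must be equal.
    return len(h) == len(p) and h[1:] == p[1:]


def covering_names(san_list, hostname):
    """Return the SAN entries from `san_list` that cover `hostname`."""
    return [san for san in san_list if wildcard_matches(san, hostname)]


# Constructed sample: SAN entries as they might appear on one certificate.
SAMPLE_SANS = ["example.com", "*.example.com", "*.dev.example.com"]

if __name__ == "__main__":
    for host in ("example.com", "mail.example.com",
                 "api.dev.example.com", "a.b.c.example.com"):
        print(host, "->", covering_names(SAMPLE_SANS, host) or "no match")
```
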