In my production Xamarin apps, we retrieve a non-defined list of HLS playlist within differents domains. Is possible to use wildcards on the ATS exception dictionary?
I tried something like that but without success:

<key>http://*.domain.com</key>
<dict>
    <key>NSExceptionAllowsInsecureHTTPLoads</key>
    <true/>
    <key>NSIncludesSubdomains</key>
    <true/>
</dict>

Try this :

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>domain.com</key>
        <dict>
             <key>NSExceptionRequiresForwardSecrecy</key>
             <false/>
             <key>NSExceptionAllowsInsecureHTTPLoads</key>
             <true/>
             <key>NSIncludesSubdomains</key>
             <true/>
        </dict>
    </dict>
</dict>

While Apple highly suggests using the HTTPS protocol and secure communication to internet based information, there might be times that this isn't always possible. For example, if you are communicating with a 3rd party web service or using internet delivered ads in your app.

If your Xamarin.iOS app must make a request to an insecure domain, the following changes to your app's Info.plist file will disable the security defaults that ATS enforces for a given domain:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>www.the-domain-name.com</key>
        <dict>
            <key>NSExceptionMinimumTLSVersion</key>
            <string>TLSv1.0</string>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <false/>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSIncludesSubdomains</key>
            <true/>
        </dict>
    </dict>
</dict>