Apparently there is some undocumented magic done by addingPercentEncoding when the CharacterSet used as reference is an underlying NSCharacterSet class.

So to workaround this magic, you need to make your CharacterSet a pure Swift object. To do so, I'll create a copy (thanks Martin R!), so that the evil magic is gone:

let myString = "info:hello world"
let csCopy = CharacterSet(bitmapRepresentation: CharacterSet.urlPathAllowed.bitmapRepresentation)
let escapedString = myString.addingPercentEncoding(withAllowedCharacters: csCopy)!
//always "info:hello%20world"
print(escapedString)

As an extension:

extension String {
    func safeAddingPercentEncoding(withAllowedCharacters allowedCharacters: CharacterSet) -> String? {
        // using a copy to workaround magic: https://stackoverflow.com/q/44754996/1033581
        let allowedCharacters = CharacterSet(bitmapRepresentation: allowedCharacters.bitmapRepresentation)
        return addingPercentEncoding(withAllowedCharacters: allowedCharacters)
    }
}

The reason that it is percent escaping the : character even though it is in the .urlPathAllowed character set is that it appears to be strictly enforcing section 3.3 of RFC 3986, which says that the : is permitted in relative paths (which is what we're dealing with here), but not in the first component.

Consider:

let string = "foo:bar/baz:qux"
print(string.addingPercentEncoding(withAllowedCharacters: .urlPathAllowed)!)

That will, in conformance with RFC 3986, percent encode the : in the first component, but allow it unencoded in subsequent components:

foo%3Abar/baz:qux

The method name and nature of the documentation would lead one to conclude that it's percent encoding solely on the basis of what characters are allowed, but it actually looks like it's really considering whether it's a .urlPathAllowed, and applying RFC 3986's relative path logic.

As Cœur said, you can bypass this by building your own character set with the same allowed characters as .urlPathAllowed, and it doesn't apply any of this logic.