I'm currently working on an app that will accept a user's login, password, and ip address to run rest get requests. I have done some research once I realized that TSL is going to be enforced by Apple and we cannot submit apps to the App Store using NSAllowsArbitraryLoads = YES.
Because of the nature of my application I will not be aware of the ip address so I cannot exactly specify the domain unless I use some kind of ip range or add the domain to info.plist once the user enters the ip address into the field. I have not seen anything online where people use ip ranges when adding exceptions for TLS and from what I understand I can only read info.plist in swift and not write to it. Currently kind of stuck at the moment. If anyone could point me in the right direction that would be great thanks!
The new App Transport Security rules were first introduced at this WWDC16 session. Also stated here was that these rules only applied to apps that had the ability to comply. If you believe you have an app that can't, I believe they said you should contact them. Use the link above to check out the WWDC session (searchable transcript included).
Edit: After checking out the transcript again, they said you'll need to "provide justification" for it. This might be justification at the time you submit your app, but you could contact Apple Developer Relations to find out.