A safe and reliable way to enable NSAppTransportSecurity for release and disable it for Debug / Staging configurations?

This question says it all.

I know NSAllowsArbitraryLoadswhich can be taken together NSExceptionDomains, but I'm a bit confused by this blacklist: I do not want to disable ATS for all but the specific production hosts listed NSExceptionDomainsbecause they can change, so I will need to manage their list along with the general application configuration where we have 3+ different host types for production. [Of course, in an ideal world, Apple will offer us to list the hosts for which we want to disable App Transport Security and enable it for all other hosts - no! vice versa]

I also tried to inherit my custom parameter $(MY_USER_SETTING)(which can support 3 different values ​​corresponding to Debug / Staging / Release), but it doesn’t work very well with non-string types NSAppTransportSecurity, which are a dictionary and NSAllowsArbitraryLoadsboolean - these values ​​just do not inherit my user setting.

Background: I want to see HTTP traffic for our Debug / Staging configurations using Charles Proxy, and with iOS 9 I need to disable ATS, and I want to make sure that this does not affect our Release configuration anyway!