What CSP are you using? And what does your config.xml look like (minus identifying/secret info) [mainly interested in your whitelist]
Not sure why you need the cordova-plugin-transport-security plugin, support for ATS is built in (see the docs regarding <access> tags). This is definitely a CSP problem, post your CSP and check any logs.
Yea, I only used the plugin for the sake of trying everything as I'm now clutching at straws, really.
Here is the CSP I'm using - there's probably some redundant fields in there but, again, it's all there for the sake of trying anything and everything:
<meta content="script-src * 'self' 'unsafe-inline' 'unsafe-eval' http://platform.twitter.com/* https://cdn.syndication.twimg.com/*; style-src * 'self' 'unsafe-inline' http://platform.twitter.com/* blob:; img-src * 'self' data:; media-src * 'self'; object-src * 'self'; frame-src * 'self' 'unsafe-inline'; font-src * data:" http-equiv="Content-Security-Policy" />
Also, here are my <access> tags:
<access origin="*://*.twitter.com/*" />
<access origin="*://cdn.syndication.twimg.com/*" />
I realise there is probably a lot of redundant stuff in these, it's just a culmination of trying everything that I can come across when searching.
As for logs, are you talking build logs from Adobe Build?