makerofthings7

Reputation: 61463

What is the security benefit of verifying iOS Apps Receipts on the Apple App Store, vs in-app?

I'm trying to understand the benefit of verifying a receipt within the app itself, vs asking the app to send it to a server for validation.

I've read this documentation and for some reason the payload is sent here:

AppleProductionUrl = "https://buy.itunes.apple.com/verifyReceipt";
AppleTestUrl = "https://sandbox.itunes.apple.com/verifyReceipt";

As it stands now, I still need to validate various aspects of the certificate: BundleID, etc. X509 properties should be an easy thing I can do to increase privacy.

Upvotes: 3

Views: 48

Answers (1)

xaphod

Reputation: 6804

Real answer: none, because you don't care about eastern-European hackers who are twice as smart as both of us combined. If they hack my app, they can have it, it costs me nothing.

Paranoid answer: you can't trust the client! Someone might have decrypted and decompiled it!111!

In reality - if you have renewing subscriptions (auto-subscriptions), or, you have testflight users who might be testing purchases in the sandbox (aka sandbox users), then, in order to do any receipt validation you need to care about which environment you're in. An example of the former: your auto-renewing subscription expires tomorrow. Did Apple successfully auto-charge their credit card? Better find out before locking them out of your app...

Upvotes: 1
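A server-side validation routine in the shape the answer describes, as an added example that is not from the question or the answer: it asks Apple's production endpoint first, retries against the sandbox only on Apple's 21007 status (a sandbox receipt sent to production), then checks the bundle id and the subscription expiry. The injected `post` transport, `fake_apple`, the bundle id and the timestamps are constructed for the example.

```python
from typing import Any, Callable, Dict

APPLE_PRODUCTION_URL = "https://buy.itunes.apple.com/verifyReceipt"
APPLE_SANDBOX_URL = "https://sandbox.itunes.apple.com/verifyReceipt"
# Apple's status for "sandbox receipt sent to the production endpoint".
STATUS_SANDBOX_RECEIPT_ON_PRODUCTION = 21007


def verify_receipt(receipt_b64: str, expected_bundle_id: str, now_ms: int,
                   post: Callable[[str, Dict[str, Any]], Dict[str, Any]]) -> Dict[str, Any]:
    """Server-side check of an App Store receipt.

    `post(url, body)` returns Apple's parsed JSON reply; it is injected so the
    logic runs offline. Auto-renewing subscriptions also need the app's shared
    secret in a "password" field, which is left out here.
    """
    body = {"receipt-data": receipt_b64}
    environment = "production"
    reply = post(APPLE_PRODUCTION_URL, body)
    # Always ask production first and fall back to the sandbox only when
    # Apple says the receipt came from there; never start with the sandbox.
    if reply.get("status") == STATUS_SANDBOX_RECEIPT_ON_PRODUCTION:
        environment = "sandbox"
        reply = post(APPLE_SANDBOX_URL, body)
    if reply.get("status") != 0:
        return {"valid": False, "environment": environment,
                "reason": f"apple status {reply.get('status')}"}
    # The receipt must be for our app: otherwise a receipt bought in any
    # other app would unlock this one.
    if reply.get("receipt", {}).get("bundle_id") != expected_bundle_id:
        return {"valid": False, "environment": environment,
                "reason": "bundle_id mismatch"}
    # For auto-renewing subscriptions the newest transaction carries the
    # current expiry; if it is in the past, the renewal charge did not go through.
    latest = reply.get("latest_receipt_info") or []
    expiries = [int(t["expires_date_ms"]) for t in latest if "expires_date_ms" in t]
    if expiries and max(expiries) <= now_ms:
        return {"valid": False, "environment": environment,
                "reason": "subscription expired"}
    return {"valid": True, "environment": environment, "reason": "ok"}


def fake_apple(url: str, body: Dict[str, Any]) -> Dict[str, Any]:
    """Constructed stand-in for Apple's endpoints, acting like a sandbox receipt."""
    if url == APPLE_PRODUCTION_URL:
        return {"status": STATUS_SANDBOX_RECEIPT_ON_PRODUCTION}
    return {"status": 0, "receipt": {"bundle_id": "com.example.myapp"},
            "latest_receipt_info": [{"expires_date_ms": "1700000000000"}]}
```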
