Testing auto-renewing subscriptions

Question

I'm trying to piece together the disparate pieces of information I find on the web with regard to auto-renewing subscriptions. My questions are these:

1. When a purchase is made, should I record the date and only check for whether a subscription is still valid when, according to my calculations, the expiration date has passed?
2. When that does happen, I suppose I only need to revalidate the receipt I have previously stored? Why is it such a bad idea to keep the receipt on the device and hard-code the secret into the app?

Answer 1

1. The first time a purchase is made, you should verify the receipt at that point just to make sure it's legit. And then yes, when your records show that it should be expired, you can verify the receipt you already had stored again. iTunes will tell you if there's a new receipt that relates to that subscription. I don't see a need to check any more times in between there.
2. Keeping your secret in the app means that it exists on every device that has your app. It's more vulnerable to being discovered that way through hacking and such. You can always change your secret, but at that point someone may have already caused some problems for you. And then you'd have to update the secret in the app and hope everyone updates.
   Another bonus to keeping it on your server instead: you wouldn't have been vulnerable to the in-app purchase hack that was revealed in Russia back in July (2012). A hacker found a way to create false IAP transactions, before Apple closed the hole. But developers who verified receipts from their own server were not vulnerable.