Is Receipt Validation Compulsory if I Change my iOS App from Paid to Free+IAP?

I am going to change my iOS app from the Paid to the Free+IAP model, so is it compulsory to do receipt validation when the app launches? Does Apple's guideline require that? Thanks!

Replies

Receipt validation is not required nor is it all that necessary.


But you may need some way of identifying users who bought the earlier, paid version of the app. The common way of doing that is by examining the receipt and looking at the original_version field. You can do that by sending the receipt from the device directly to the Apple servers and having them decode it. You open yourself up to a man-in-the-middle hack, but you have to ask yourself if you really care if some people steal your IAP. If you do, then you need to decode the receipt in the app using OpenSSL or you need to transmit the receipt to your server using a signature to assure security.
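The server-side check this reply describes, as an added example that is not part of the original thread. It assumes the receipt has already been decoded into Apple's verifyReceipt-style JSON, where the field is named `original_application_version`; the bundle id, the first free version and the sample responses are constructed placeholders.

```python
import json

# Assumptions (not from the thread): your bundle id and the first version shipped as free.
EXPECTED_BUNDLE_ID = "com.example.myapp"
FIRST_FREE_VERSION = "2.0"

# Constructed sample responses, shaped like a decoded receipt.
PAID_SAMPLE = json.dumps({"status": 0, "receipt": {
    "bundle_id": "com.example.myapp", "original_application_version": "1.4.2"}})
FREE_SAMPLE = json.dumps({"status": 0, "receipt": {
    "bundle_id": "com.example.myapp", "original_application_version": "2.0.1"}})


def parse_version(text):
    """Turn '1.4.2' into (1, 4, 2); trailing zeros are dropped so '2' == '2.0'."""
    parts = text.strip().split(".")
    if any(not p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(p) for p in parts]
    while len(nums) > 1 and nums[-1] == 0:
        nums.pop()
    return tuple(nums)


def bought_paid_version(response_json):
    """Return True only when the decoded receipt proves a pre-free purchase.

    Any malformed, failed or foreign receipt yields False (fail closed), so a
    tampered response cannot unlock paid features by being unparseable.
    """
    try:
        response = json.loads(response_json)
        if response.get("status") != 0:          # non-zero means validation failed
            return False
        receipt = response["receipt"]
        if receipt.get("bundle_id") != EXPECTED_BUNDLE_ID:
            return False                         # receipt issued for another app
        original = parse_version(receipt["original_application_version"])
        return original < parse_version(FIRST_FREE_VERSION)
    except (ValueError, KeyError, TypeError, AttributeError):
        return False


if __name__ == "__main__":
    print(bought_paid_version(PAID_SAMPLE), bought_paid_version(FREE_SAMPLE))
```

On iOS this field carries the build number (CFBundleVersion), so `FIRST_FREE_VERSION` has to be expressed in the same numbering scheme.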

As you said, even if Apple does not require me to do that, I still need to take care of the paid users.


But if the app uses OpenSSL/cryptography, it will involve export compliance, which is very troublesome.


Does this usage qualify for exemptions?

https://help.apple.com/app-store-connect/#/devc3f64248f

Yes, it is:

Limited to authentication, digital signature, or the decryption of data or files