I am using NSUbiquitousKeyValueStore to store a dictionary of users data on iCloud (gems, username etc).
Gems can be purchased in the app as a consumable IAP, and the total number of gems the user has is then stored in NSUbiquitousKeyValueStore. If a user is able to modify this then that would have a large impact on my business model where a user could bypass the IAP and modify this value directly.
So the question is how secure is NSUbiquitousKeyValueStore and is it suitable for my scenario? I've found a few relevant questions on SO but no definitive answer.
Keeping IAP and other critical app data on NSUbiquitousKeyValueStore is a flawed business model.
Users cannot modify NSUbiquitousKeyValueStore directly but they can delete it. Or they can turn Documents & Data option off for your app. Even they might be not using iCloud on their iDevice in the first place.
You need to use your own server for this.