The overlay that appeared with the "cheats" on it was full off inside jokes too and didn't look at all serious. One of the check boxes was labelled "Vote Putin".
I would not be surprised if the majority of fake reviews are coming from offshore companies. Does the FTC have jurisdiction to fine those? Otherwise this changes nothing.
> I'm pretty sure Apple has since closed this loophole by enforcing that apps perform OAuth in a browser where they can't control the DOM, but I'm not sure
Apple are not restricting OAuth in an embedded web view, at least not on a software level. I have worked on an application that injected JS into the OAuth window for non malicious style purposes. It is possible they're rejecting apps from the store for this behavior, but I wouldn't know.