> Question: is there anything stopping an app from using an invisible embedded web view to pull content from Twitter, mimicking a plain browser, and then scraping the content from the DOM as a poor man's API?
Yes, it's called iframe busting. You can't force a page into an iframe that doesn't want to be there.
As soon as they get a whiff that people are doing this they'll just block the ip range. Site scrapping is big big business, and a cat and mouse game. Yes, it can be done though, you're right.
They could do this if the scraping were done by a remote server, but if the network activity came from each individual user, they would at best have to resort to looking for behavioral "fingerprints" to what otherwise looks like normal web browsing activity.
Let's just say I wish I had the time for such an endeavor, and I sincerely hope someone out there does.
Yes, it's called iframe busting. You can't force a page into an iframe that doesn't want to be there.