No. It's not just to write the code. To fake a six-month legitimate use, the spammer also needs to run the code for six months, it takes lots of resource to do so.
To avoid detection, you can't just make API calls for six months. You have to run the official client on the machine for six months, and then the official client can collect more data on your usage pattern. Imagine the cost to run hundreds / thousands those accounts.
To avoid detection, you can't just make API calls for six months. You have to run the official client on the machine for six months, and then the official client can collect more data on your usage pattern. Imagine the cost to run hundreds / thousands those accounts.