Well you see, finding a way to reliably deliver ads via the API would have taken far too much developer brainpower for a company that can’t make a functional video player or a mobile app
It honestly wouldn’t be that hard at all. You deliver ads via the API alongside actual posts, as if they are an actual post, and forbid altering them in the developer ToS. If you want to be anal about enforcement, run popular 3rd-party apps in an emulator to verify that the JSON returned by the site is unaltered when it’s rendered in the app. You could put this together in a weekend.
Which really just speaks to quality of talent at reddit, or the management at reddit suppressing that talent. Or both.
It could be for contractual or for insurance reasons. We have some contracts with government agencies that require it, and our cyberinsurance also does. Even though NIST has been recommending for years to do long passphrase + MFA and no reset unless you suspect compromise.
So yeah, the reason behind this might not be just plain incompetence.