I don't understand in what sense they faked the process. What I've heard described is substantially similar to other SOC2 processes I've seen

And yes SOC2 is fake. Have you ever heard of a startup failing to get soc2 or doing more than a few hours of work to get into compliance?