[pilif]

I assume that's the key used by the app. So if they kill that key, they also kill all existing applications.

That's the thing with this kind of "protection". If your proprietary app needs to access the server, anybody who can either extract the key from the app with reverse engineering or who can listen in on the communication between app and server will be able to use that API.

It's the same issue as with DVD encryption: If you need to show the movie to people, people need to be able to decrypt it. If this needs to happen offline, then the material needed for decryption must be static and either be on the disk on in the player - where it can be extracted and used by third parties.