You are right, from my point of vue, the Tao's idea is not very original and will never go to a strong protection (no dump, no keygen, no direct decrypt).
I think one of the most serious protection would be to delocalize some part of the app on a server, wich verify on his list if the user is registered. I don't see what I could do... Fortunally for the badboys, that's seems however a little heavy...
