But it sounds like the app isn't doing anything a web browser couldn't do. This is a recurring theme among authoritarians now: take something that a web browser does, and argue that because it's being done outside of a web browser, somehow that's wrong. Look at weev; that's exactly what he did (there are certainly other aspects, but it was one used to scare the court and the aspect that the prosecutor willfully failed to understand).
"All those people" are responsible for a public API; in this case, it is a text-based api over HTTP only, meant for human consumption, but it's an API nonetheless. This app does not bypass that API. If they don't like how the API is being used, they need to change it; but of course you can't close it completely. This is the analog hole of the Internet.
Web browsers are just a client for that particular kind of API. It's ridiculous to limit which clients can access an API, as long as they do so correctly. Of course, you can make it difficult or impossible for unapproved clients to access the API, that will achieve the goal; that's what DRM does. But by not putting those controls on the API you're allowing new competing clients to connect with it.
You can try to recontextualize it to suit some internal need of yours to feel OK or good about something being bent to suit another purpose. That doesn't change the copyright in spirit or in law.
It's not a public API meant for human consumption. It's a viewstate object, which is meant for currying data back and forth inside controls, etc. in an ASP.Net application. It's not an API. He had to hack that format which is feasibly a DMCA violation as well.
Weev would be a horrible example to bring up.
I'm not sure we're going to close a gap here if you feel all copyright is stripped the moment data can be presented in an anonymous user's browser.
"All those people" are responsible for a public API; in this case, it is a text-based api over HTTP only, meant for human consumption, but it's an API nonetheless. This app does not bypass that API. If they don't like how the API is being used, they need to change it; but of course you can't close it completely. This is the analog hole of the Internet.
Web browsers are just a client for that particular kind of API. It's ridiculous to limit which clients can access an API, as long as they do so correctly. Of course, you can make it difficult or impossible for unapproved clients to access the API, that will achieve the goal; that's what DRM does. But by not putting those controls on the API you're allowing new competing clients to connect with it.