Now another question: Would it be possible to fake that TCP GET request? Get that file locally and tell the myapp to use that instead?
It would be possible, but its likely that your would-be hacker will do something much simpler: they'll examine your software to find the function that performs the check and replace it with a version of their own that simply reports a valid key, bypassing the online check entirely.
They'll then likely share their patched version (or a patching program) via download sites and torrent trackers so that less technically skilled users can also benefit.
Any software running on your end user's hardware can be modified, and for a skilled cracker it isn't even very hard to do.