I should have been clearer with the intent of my post. The intent was more along the lines of asking people to help point out to me some detail on the topic which I might have missed, because this loophole seems to be too obvious and dangerous to FOSS…

As the EUPL FAQ (written by EU lawyers) also points out, Directive EC 2009/24 states in point 15:

Nevertheless, circumstances may exist when such a reproduction of the code and translation of its form are indispensable to obtain the necessary information to achieve the interoperability of an independently created program with other programs. It has therefore to be considered that, in these limited circumstances only, performance of the acts of reproduction and translation by or on behalf of a person having a right to use a copy of the program is legitimate and compatible with fair practice and must therefore be deemed not to require the authorisation of the rightholder. An objective of this exception is to make it possible to connect all components of a computer system, including those of different manufacturers, so that they can work together.

However, there is a last sentence in this point, which I only realised now that it might be the answer to my question! So good that you questioned it.

Such an exception to the author’s exclusive rights may not be used in a way which prejudices the legitimate interests of the rightholder or which conflicts with a normal exploitation of the program.

Maybe in court the exploitative nature of the hypothetical in my post would be covered by this. Though, this moves the matter towards some gray zone, where the question is where the line of explotiation lies. Is a plugin system, where by default the software functions as before, but functionality can be expanded with “premium” plugins that make algorithms in the software more precise or fast considered exploitative?

It might be not this simple in case of notification providers, the notifications are somehow sent in the name of the app I guess. And don’t forget: in general, this principle is true for most of your apps that send notifications. I.e. if you are getting Signal or Facebook notifications, it uses the same principle.

Btw, google is not the only notification service for android. Check up on Unified Push, there are many alternatives to do this, and there are some apps that support these alternatives in their non-play-store builds.

In general, notifications on Android don’t go through apps, that would require apps to run all the time and consume too much battery. They instead are going through a notification provider (google in the default case). This is why your notifications arrive, but you have no other connections to your HA.

Edit for clarification: HA uploads it to google servers (which of course doesn’t need port forwarding) and your phone then polls them from google.

No. The issue is that an assumption they make in the unsafe block does not actually always hold true. They changed the safe rust code to strenghten the (incorrect) assumption they made in the first place, because that is way easier than rearchitecting the unsafe part. I.e. if the unsafe part was somehow to be written safely, the mitigation they introduced now would not result in any difference in behaviour, it would be correct behaviour both before and after.

Tldr: the problem lies in the unsafe part