gistfile1.txt

Reply to: https://social.tchncs.de/@Billie/98993004627789275

Let me clarify this a bit here, since there seems to be a bit of confusion with some
false conclusions.

Yes, the f-droid version of the Nextcloud Android app is without Google Play Services.
Therefor it comes without Push notifications at the moment and we also do not pull for
them repeatingly to not drain your battery.
However this is only for Push. You can still read the notifications in the notifications
section (screenshot which prints the "google play services missing" message above).
When you open the section it will pull for new notifications on demand.

Also note, that the push notifications are encrypted with a key, which the Android app
sends to the Nextcloud server (when push is available). So the android app tells the
Nextcloud server: "hi I want to be pushed to and this is my device key which you use to
encrypt them and here is also the a token which you can use as my address".

As for the server code: No, it does not contain any google related code.
As per above the devices register on the server and therefor the server knows, when a
notification should trigger a push notification and when not. Also we have a stupid
proxy in place , which authenticates towards google instead of your Nextcloud server to:

1. hiding your server from google
2. protects our developer cert (which is needed to authenticate at google and otherwise everyone could do this)
3. verifies that the Server is allowed to push to that device.

The proxy is very stupid and only has:
1. a hash of "username+server url" to verify the target
2. the public key to verify the signature of the message
3. the google push token

You can read more about this in the related docs: https://github.com/nextcloud/notifications/blob/master/docs/push-v2.md