The issue found by a GrapheneOS user in April 2024 was apps being able to bypass Android's leak blocking by sending multicast packets themselves. We also found other leaks via kernel-generated packets. Our eBPF filter work addresses all of these issues: github.com/GrapheneOS/p...

drop multicast when lockdown VPN enabled · GrapheneOS/platform_packages_modules_Connectivity@558cc24

On Android, each user or work profile has their own VPN configuration. Owner user VPN is used for privileged system processes unless they apply special rules for packets. There are checks to only permit processes sending packets via allowed networks, but we found a hole in it.