GrapheneOS
@grapheneos.org
Open source privacy and security focused mobile OS with Android app compatibility. grapheneos.org/
grapheneos.org

On Android, each user or work profile has their own VPN configuration. Owner user VPN is used for privileged system processes unless they apply special rules for packets. There are checks to only permit processes sending packets via allowed networks, but we found a hole in it.

grapheneos.org

We discovered apps can partially bypass these restrictions for VPN tunnels owned by other profiles by using multicast packets. We were unable to figure out an easy way of resolving it with eBPF so we're using netfilter for this part of our leak blocking: github.com/GrapheneOS/p...

add multicast firewall · GrapheneOS/platform_system_netd@036d9af
