Roaming4231 for some people patching will be easier, but imagine: u need to download unofficial app for your banking account from random guy on some forum...
Yeah, of course these patched apps need to be made and distributed by a trusted community member. Technically, GrapheneOS is also an "unofficial operating system from some random developers on the internet", but we have all been able to build up trust for the GrapheneOS developers, and can do the same for any app developer that prove themselves trustworthy.
Roaming4231 Second phone sounds way more secure that that.
Separate devices for different security domains will always be the most secure and private option. But that costs money, which is why we have systems like GrapheneOS with separate profiles, and QubesOS with separate qubes.
Rasta9 it looks like this thread on Privacy Guides goes over how the detection is being done.
https://discuss.privacyguides.net/t/all-android-and-ios-apps-can-see-your-vpn/37154
Okay, so they do enumerate network interfaces. So this will be hard to fix. Pretty much, we would need to launch each app with a separate network namespace. This would require a total redesign of the app sandboxing, and this is probably not practical for GrapheneOS developers to do and maintain themselves, so we have to await an upstream solution from Google, which may never come.
But we really need separate network namespaces or full virtualization for apps anyway, to solve the localhost loopback leak between user profiles, make the VPN solution provably leak-proof, and other things.
https://github.com/GrapheneOS/os-issue-tracker/issues/4772
https://github.com/GrapheneOS/os-issue-tracker/issues/5225
Roaming4231 there already some patched apps without this spy things, but i'm not comfortable recommending download of unofficial apps from random places.
No, don't do that. You either need to patch the apps themselves, or download from a trusted community member. Don't download random apps from the internet.