Currently, the VPN setup in Android is lacking. Wireguard isn't configurable manually, and there's only space for one VPN. What I mean by that is that leak-proof split-tunnel is impossible in Android, and one can't use two VPNs (or VPN and TOR) together for different apps. (I.e.: say I want to route system traffic, like updates, through TOR, but I want my bank to use my VPN.) Maybe I'm just spoiled to a desktop, but I do think this is worthy of attention as it can undercut security as of now with split-tunnel leaks at least.

What I'd like to see is allowing multiple VPNs and more flexibility with the VPN settings to allow for routing certain apps through certain tunnels without worrying about potential leaks.

Disclaimer: I'm not demanding or assuming anything except that typing this could prompt the devs to see this and consider it worthy of their time. Please don't assume I'm somehow trying to make them bow to my every need by making a simple suggestion on something I think improving would create a lot of benefit.

    xmachina one can't use two VPNs (or VPN and TOR) together for different apps. (I.e.: say I want to route system traffic, like updates, through TOR, but I want my bank to use my VPN.)

    You have a workaround for this. You can use Private space for your bank app, as it has a separate VPN slot. If I'm not mistaken, work profile also has a separate VPN slot. Every other secondary profile (up to 64 of them on GrapheneOS?) has a separate VPN slot, too.

        xmachina What I'd like to see is allowing multiple VPNs and more flexibility with the VPN settings to allow for routing certain apps through certain tunnels without worrying about potential leaks.

        Based on my reading a variety of requests and responses about proposed VPN features, I suspect this won't go anywhere. At present the architected way to have multiple VPN connections is to use multiple user profiles. User profiles have plenty of quirks and annoyances, but I think work to fix those issues (getting AOSP fixed or locally fixing in GrapheneOS) is more likely to pay off than redefining how profiles are expected to work in a way that would conflict with Google's plan.

        Please note that I do not speak for the GrapheneOS project.

            de0u suspect this won't go anywhere

            Security aspect aside, think the other reason I've seen given is, the effort is not worth the gain when userspace apps can just as well implement multi-VPN feature.

              xmachina can't use two VPNs (or VPN and TOR) together for different apps.

              I think this is possible. the VPN app on your phone can decide traffic destinations and can even make different remote tunnels for each of your apps. There can be only one local tunnel on your phone though which send all traffic to your VPN app.
              Split tunnel here means some apps go through local VPN tunnel and the others go through your ISP. It leaks traffic outside of your local VPN tunnel. You don't need split tunnel to achieve your demand. You just need a good VPN app that can connect to different remote servers at the same time.

                xmachina You can use separate VPNs for separate apps via profiles. That's the only correct approach to avoid leaks. You can use chained VPNs via apps supporting it.

                  I don't know how private Bitdefender VPN is, which I use allows protocol selection , I use wireguard also have different IP for Personal, Work and private space.
                  Also use zero.dns0.eu for private DNS.
                  Installed in each profile