[deleted] The default connections are all sent via the owner user's VPN service, at least on the Pixel 6 and 7 series which have the Broadcom chip. Connectivity checks are a special case, and different, as explained in:
https://grapheneos.org/faq#default-connections.
For more context, I'm quoting this comment from the GrapheneOS Reddit account: https://www.reddit.com/r/fossdroid/comments/11kxmhf/grapheneos_now_proxies_supl_agps_without_google/jcj1709.
Broadcom SUPL is already sent via the Owner user's VPN service. If you use a VPN, then you connect to our SUPL proxy through it for devices with Broadcom GNSS. The same applies to PSDS, key provisioning, updates, etc. Connectivity checks are a special case, since they check if each underlying network works, not just the connection via the VPN. See https://grapheneos.org/faq#default-connections for details.
Android NTP also bypasses VPN but we replaced that with HTTPS network time and we don't bypass the VPN. We replaced it since Android NTP is unauthenticated We don't bypass the VPN for our HTTPS network time which makes it slightly less accurate but it's not a big deal. They likely did it that way since NTP uses UDP and not all VPNs use UDP, along with VPN connections breaking if certificate validation fails due to certificate expiry, etc. from out-of-sync clock.
Qualcomm SUPL is implemented directly in the baseband via mobile data, so there's no way to use a VPN. It has to connect directly via SUPL. This also makes it difficult to analyze what it's sending.