GrapheneOS replaces the minor Google services used by AOSP and Chromium. Chromium is a lot different than AOSP since it has all the Chrome code for using Google services included as part of the open source project. AOSP doesn't really support using any proprietary Google services but rather only uses Google for standard services like connectivity checks, network time, DNS fallback, SUPL, PSDS and key provisioning which are not Google-specific services and can be done by others too.
This wasn't a high priority for us compared to other more important work but it's a completed feature for quite a while now and we make sure it doesn't regress by hosting any new services that are required such as when we added key attestation. The key attestation proxy will likely need to be updated for Android 14.
The default connections made by GrapheneOS and Vanadium are covered in https://grapheneos.org/faq#default-connections along with a separate section explaining connections triggered by installing apps, using a carrier and other changes from a fresh install. The default connections are fully covered. Covering every kind of connection made by the OS based on apps is a much broader amount of work and the scope is unclear, such as whether it makes sense to cover apps with the Network permission using an API like DownloadManager. We may implement proxies for some features like DRM key provisioning but we currently change protected video support in Vanadium to require requesting permission by default so it's not triggered unless you enable it or install an app using it.
Vanadium is going to have a lot of additional privacy and security features added to it, similar to the OS. We've had very limited resources to improve it and we have very high standards for the features we're going to be including. Completed state partitioning, additional fingerprinting resistance, data export/import and ad blocking are examples of features planned over the next year or so. The approaches taken in these areas in other browsers have significant issues and we need to decide on the best way to approach them for Vanadium. For example, Brave and Firefox left major holes in their cookie partitioning to avoid breaking lots of sites including cross-site login flows which can be abused for the same kind of cross-site tracking as without the feature. We tried out strict cookie partitioning but it breaks too much to be enabled by default and we'll need to consider the best approach to use. We could offer different tiers as an optional with a heuristic approach as the default, but we don't want to add a ton of complexity right now. Over time, there will be fewer features people want missing from Vanadium.