You would assume that all traffic is tunneled through VPN when you have an always-on VPN and “Block connections without VPN” is checked, but Android has “privileged apps” that will bypass the VPN.
The privileged apps include (maybe more, but we don’t know):
Google itself: connectivity check and an encrypted request to www.google.com will go outside of the VPN
WiFi Calling: always travels outside the VPN on Android
Traffic tethered from Android’s WiFi hotspot
And, there are several scenarios where DNS lookups leak outside the VPN.
You can easily tell this because your phone doesnt really change locations like it does when you root your phone and use an app like GPS joystick (not a vpn but your location will be accurate to where tou set it, it will also sync the time)
yes, however you can tell the difference between a rooted phone and a non-rooted phone and how the unrooted phone can still detect stuff. For instance, let’s take Pokémon go for example. You can use the fake gps on non-rooted however, it will not work in the game, therefore its detected. However, on a rooted phone, it will not be detected, and you can play the game anywhere. The way android is set up in general just makes it near impossible to not leak your information. Personally, idk if rooting your phone and then installing a vpn would even make it non leakable. but it’s a greater possibility, that is for sure. No, I am not suggesting to root your phone, just an example on the difference and how it can read overlays and this and that.