The leaks seem to be limited to direct calls to the C function getaddrinfo.

The Chrome browser is an example of an app that can use getaddrinfo directly.

So a Google browser…

The above applies regardless of whether Always-on VPN and Block connections without VPN is enabled or not, which is not expected OS behavior and should therefore be fixed upstream in the OS.

We’ve been able to confirm that these leaks occur in multiple versions of Android, including the latest version (Android 14).

And a Google OS…

We have reported the issues and suggested improvements to Google and hope that they will address this quickly.

It’s a feature, not a bug.