alt Hacker Newsmitmproxy/mitmweb offer a WireGuard server implementation to do pretty much this. You can grab any existing WireGuard VPN, scan a QR code to import the VPN config, and start monitoring (after installing the MITM certificate, of course).
The packet tunnel story is crazy. I'm glad Android allows you to just use network APIs without question as a developer.
That's what I usually use. The packet tunnel method is used if you want everything to be fully local. My plan was to make an app that can locally spoof your location on iOS without a third party able to MITM.