Tags: android, mobile-development, android-networking, l2tp

Is It Technically Challenging to Implement L2TP in an Android App?


I just switched from iOS to Android and found out that with the release of Android 12, Google removed support for the L2TP VPN protocol. I've been searching for third-party VPN apps that still support L2TP, but I haven't found any options.

From my understanding, L2TP is a Layer 2 protocol. Does Android restrict access to lower network layers, making it technically difficult for developers to implement L2TP VPNs in third-party apps? Are there specific limitations within Android’s network stack that prevent this?


Solution

  • Android's security model makes implementing VPNs a bit more challenging. The core issue is that VPN implementations would (normally) need to be able to see the other applications' packets in cleartext so they can be encrypted and/or encapsulated into the VPN. On Linux, root or the kernel can do this easily, but on Android, normal apps don't get any special root privileges.

    Google anticipated this issue and created an API for implementing VPNs. See: https://developer.android.com/develop/connectivity/vpn

    So, yes, now third-party VPNs can be offered as installable applications, and you could develop one yourself if you wanted to.

    "From my understanding, L2TP is a Layer 2 protocol..."

    It's a layer 4[-ish] protocol running over IP/UDP. It primarily exists to tunnel PPP, which is an L2[-ish] protocol. PPP itself is used mostly for IP (via its IPCP sub-layer) but PPP in the past has been used for tunneling other things as well. As a historical note L2TP was actually used by some vendors & carriers to tunnel Ethernet directly (Ethernet -> L2TP -> UDP -> IP), in addition to PPP (IP -> PPP -> L2TP -> UDP -> IP).

    So, practically speaking, the Android issue isn't really about access to lower layers (L2TP would appear just as any IP/UDP app), but rather being able to plug in to Android as a VPN so as to get access to packets from the applications that want to use the tunnel. And the API I linked to above solves that problem.
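As an added example (not code from the question, the answer, or Android's own documentation), the following Kotlin sketch puts the two points of the answer together: a `VpnService` subclass that uses the Builder API to obtain the tun interface Android hands to a VPN app, and the IP -> PPP -> L2TP -> UDP -> IP framing described above, implemented as an L2TPv2 data-message encoder and decoder over a protected UDP socket to port 1701. Everything specific in it is an assumption for illustration: the class name, the server address (a documentation-range placeholder), the tunnel address and DNS server, and the hard-coded tunnel and session IDs. A real client would obtain those IDs from the L2TP control channel and the address from PPP's IPCP negotiation; neither exchange is shown here, so this is a data-plane demonstration, not a complete L2TP client.

```kotlin
import android.content.Intent
import android.net.VpnService
import android.os.ParcelFileDescriptor
import java.io.FileInputStream
import java.io.FileOutputStream
import java.io.IOException
import java.net.InetSocketAddress
import java.nio.ByteBuffer
import java.nio.channels.DatagramChannel

// Manifest (required for any VpnService): <service android:name=".L2tpVpnService"
//   android:permission="android.permission.BIND_VPN_SERVICE"> with an intent-filter for action
//   "android.net.VpnService". An Activity must first call VpnService.prepare() for user consent.
class L2tpVpnService : VpnService() {
    // Assumed values. A real client gets tunnel/session IDs from the L2TP control channel
    // (SCCRQ/SCCRP, ICRQ/ICRP) and its address from PPP IPCP; neither exchange is shown here.
    private val serverHost = "203.0.113.10"   // documentation-range placeholder, not a real server
    private val l2tpPort = 1701                // IANA-assigned L2TP UDP port
    private val localTunnelId = 1              // IDs we assigned: carried in packets sent TO us
    private val localSessionId = 1
    private val peerTunnelId = 1               // IDs the peer assigned: carried in packets we SEND
    private val peerSessionId = 1
    private var tun: ParcelFileDescriptor? = null

    override fun onStartCommand(intent: Intent?, flags: Int, startId: Int): Int {
        // 1. Ask Android for a tun interface. Every other app's packets that match the routes
        //    below now reach this process as cleartext IP datagrams, with no root needed.
        val fd = Builder()
            .setSession("l2tp-example")
            .addAddress("10.8.0.2", 24)       // assumed address (would come from IPCP)
            .addRoute("0.0.0.0", 0)           // send all IPv4 traffic into the tunnel
            .addDnsServer("10.8.0.1")         // assumed resolver reachable inside the tunnel
            .setMtu(1400)                     // room for outer IP/UDP + L2TP + PPP headers
            .establish() ?: return START_NOT_STICKY
        tun = fd
        Thread {
            try {
                // 2. The outer UDP socket must be protect()ed, or its own datagrams would match
                //    the 0.0.0.0/0 route and be fed back into the tun: a routing loop.
                val channel = DatagramChannel.open()
                protect(channel.socket())
                channel.connect(InetSocketAddress(serverHost, l2tpPort))
                Thread { pumpInbound(fd, channel) }.start()
                pumpOutbound(fd, channel)
            } catch (e: IOException) { /* tun closed by onDestroy, or network error: stop */ }
        }.start()
        return START_STICKY
    }

    override fun onDestroy() {
        tun?.close()   // tears down the VPN and unblocks the blocking reads in both pumps
        super.onDestroy()
    }

    // Wire stack: IP -> PPP -> L2TP -> UDP -> IP. We add the middle two; the OS adds the rest.
    private fun pumpOutbound(fd: ParcelFileDescriptor, channel: DatagramChannel) {
        val input = FileInputStream(fd.fileDescriptor)
        val packet = ByteArray(32767)
        while (true) {
            val n = input.read(packet)                      // exactly one IP packet per read
            if (n <= 0) continue
            channel.write(ByteBuffer.wrap(encapsulate(packet.copyOf(n), peerTunnelId, peerSessionId)))
        }
    }

    private fun pumpInbound(fd: ParcelFileDescriptor, channel: DatagramChannel) {
        val output = FileOutputStream(fd.fileDescriptor)
        val datagram = ByteBuffer.allocate(65535)
        try {
            while (true) {
                datagram.clear(); channel.read(datagram); datagram.flip()
                val bytes = ByteArray(datagram.remaining()).also { datagram.get(it) }
                val ip = decapsulate(bytes, localTunnelId, localSessionId) ?: continue
                output.write(ip)                            // apps receive plain IP again
            }
        } catch (e: IOException) { /* stopped */ }
    }

    companion object {
        // PPP framing of an IPv4 payload: HDLC address 0xFF, control 0x03, protocol 0x0021.
        private val PPP_IPV4 = byteArrayOf(0xFF.toByte(), 0x03, 0x00, 0x21)

        /** Wrap an IP packet as an L2TPv2 data message (RFC 2661, section 3.1). */
        fun encapsulate(ipPacket: ByteArray, tunnelId: Int, sessionId: Int): ByteArray =
            ByteBuffer.allocate(6 + PPP_IPV4.size + ipPacket.size)
                .putShort(0x0002)                           // T=0 (data), L=S=O=P=0, Ver=2
                .putShort(tunnelId.toShort())
                .putShort(sessionId.toShort())
                .put(PPP_IPV4)
                .put(ipPacket)
                .array()

        /** Unwrap one datagram; null unless it is an L2TPv2 data message for us carrying IPv4. */
        fun decapsulate(datagram: ByteArray, tunnelId: Int, sessionId: Int): ByteArray? = runCatching {
            val buf = ByteBuffer.wrap(datagram)
            val flags = buf.short.toInt() and 0xFFFF
            if ((flags and 0x000F) != 2 || (flags and 0x8000) != 0) return null  // not v2, or a control msg
            if ((flags and 0x4000) != 0) buf.limit(buf.short.toInt() and 0xFFFF) // L bit: explicit length
            if ((buf.short.toInt() and 0xFFFF) != tunnelId) return null
            if ((buf.short.toInt() and 0xFFFF) != sessionId) return null
            if ((flags and 0x0800) != 0) buf.position(buf.position() + 4)       // S bit: skip Ns, Nr
            if ((flags and 0x0200) != 0) (buf.short.toInt() and 0xFFFF).let { buf.position(buf.position() + it) } // O bit
            if (buf.getShort(buf.position()) == 0xFF03.toShort()) buf.position(buf.position() + 2) // ACFC may drop these
            if (buf.short.toInt() != 0x0021) return null                         // IPv4 only; assumes no PFC
            ByteArray(buf.remaining()).also { buf.get(it) }
        }.getOrNull()
    }
}
```

Two things in this sketch are the ones that actually answer the question. First, nothing here needs root: `Builder.establish()` returns a file descriptor from which the app reads other apps' IP packets in the clear, and `protect()` on the outer socket keeps the encapsulated UDP traffic from being routed back into the tunnel. Second, the L2TP layer is just bytes prepended to each packet and sent over an ordinary UDP socket, which is why "lower layer access" is not the obstacle. Note that L2TP by itself adds no confidentiality (the PPP payload above goes out unencrypted), which is why it is normally deployed inside IPsec as L2TP/IPsec; a production client would have to add that layer as well as the control channel and PPP negotiation omitted here.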