That to me sounds like a platform issue in regard to not clearing out the routing table.
That very much sounds like a behavioral issue with regard to connections with the state established. Realistically your Apple accounts are not going to be “private” from Apple anyway because if you’re flicking that on and off they’re going to have your real IP at some point.
Its a limitation of the platform.
The only high assurance way to ensure a kill switch is with separate physical router, or VM like what Whonix does where packets are forwarded from one interface to another and the firewall rules dictate that it must stop if the interface is down.