Has anyone wiresharked its transactions to Google? If it's literally doing it like it's a browser, what cookies or storage API (or other) state is it leaking?

It's all open source. Not sure what info it is leaking tho. https://github.com/TeamNewPipe/NewPipe#Description

NewPipe itself is open-source. It's using the OS infrastructure to make requests (https://github.com/TeamNewPipe/NewPipe/blob/ce17ccad27af0aba...).

One would have to do a deep-read of the implementation of those APIs to know what they might leak (or toss a packet sniffer in the network stack).

This seems like an argument from ignorance. eg. "Well, there's no evidence to support this hypothesis, but it could be x (no proof given), so unless we look into x, we won't know for sure".

Using the system browser or webview doesn't send any user identifying information (other than device type and version) in http requests. There's no plausible reason why using the download manager API would do it either.

I'm not sure I'd call it an argument, but the ignorance part was right (note upthread this began with a question as to whether anyone had attempted to packet capture on what NewPipe is sending in a session).

There isn't evidence other than the user in question's account apparently got banned and they claim to be using NewPipe. So it's one possible avenue of further investigation if one tries to figure out how Google would even know to ban a user that was using a tool that allows connection to YouTube anonymously.

If Google PlayProtect is enabled it'll be aware of the NewPipe app on the phone or any other Google components may track its usage. Alternatively Youtube could detect the newpipe usage on their end and cross check with the client IP adress collected via the regular YT app. It's certainly possible to detect it.