Possible Mobile hacked on August 28 2025

I gave my phone, realme 3 pro, running Android OS 11, system UI 2.0, password and biometric locked, sim cards removed to a local technician to install side buttons and new internal connectors, when he returned phone to me next day, his behavior was extremely rude, hostile, unprofessional and he did not installed anything and also removed already factory installed connectors, claiming he installed them. That is not the cause of my worry. I noticed a multi user silhouette icon on lock screen and after unlocking on top right corner besides settings icon as well. I never enabled it. How he enabled it on a password and biometric locked realme 3 pro running Android OS 11,system UI 2.0. I checked google myactivity and digital wellbeing statistics and found that no application like settings, play store, files or any other app is opened or used during the duration phone is with him. Device is showing certified in play store settings. Widevine is L1, verified boot state is greenand showing verified, bootloader is locked, OEM unlocking is off, device shows meeting basic integrity, strong integrity, device integrity. dm_verity is showing enforcing, SElinux is unknown showing. I also checked after dialing *#899#, in key status it is showing, RPMB key:-Pass WECHAT KEY:-PASS ALIPAY KEY:-PASS CRYPTO KEY:-PASS WIDEVINEL1KEY:-PASS HDCP KEY:-NOT SUPPORT GOOGLE KEY:-PASS FIDO KEY:-NOT SUPPORT Security level is showing Trusted execution environment. How he enabled it, did he used any underhand trick to bypass lockscreen, used any external unlock tool like Chimera, Miracle Box, adb commands, celebrate, magnetAXIOM, specialized usb cable, Programmer files, how did he enabled multi user feature (guest mode or secondary user profile) in my realme 3 pro?