OnlyQuickQuestions If I have malware on one profile, is there a way / how hard is it for it to infect other profiles?
Contemporary Android malware would not be able to do anything to affect other user profiles.
The malware would likely need a very sophisticated exploit that would give itself root access while not compromising verified boot's integrity checks. While it would probably not be able to read the encrypted data in each profile, with such high privilege the sophisticated attack could infect every profile automatically as you authenticate into them. This could serve as a method of persistence, or simply to gain more data to spy on.
This is already something quite difficult to achieve in stock Android on a Pixel providing the user isn't unlocking their bootloader and rooting their device. The verified boot combined with the Auditor application would be a very good mechanism in alerting the user about a compromise deep within the operating system, so it would have to be extremely well made for it to not get detected.
OnlyQuickQuestions Imagine I have one "private" profile which has a very secure password, and then I have a "normal/everyday" profile, but the password for that is very weak. Is there any way for attackers/law enforcement to abuse that? Do I have a bigger attack surface if they are in one profile / do they have more privileges over other profiles if they are in one?
The 'Owner' profile you log into during boot is like the manager of all other profiles, it can add, delete, and control certain environment variables of the user profiles (like bundled apps and telephony access). The owner profile itself has slightly more privileges due to managing some global OS settings, but they cannot read data of the other profiles, and there wouldn't be much attack surface raised other than the fact a threat actor could switch between profiles in the lock screen and attempt to brute force what they believe is the easiest to unlock profile.
As you have mentioned, you are concerned about the weaker profile. Weaker passwords/PINs are protected by Weaver, a throttling system taken advantage of by the hardware security module. If there is a set number of incorrect guesses, then the module will throttle the ability to attempt unlocking/brute forcing the device, and the throttling increases with each further set of incorrect guesses. If you rely on hardware security, then a PIN of 6+ numbers is completely safe. A hardware-focused exploit on the hardware security module would likely be needed, which is extremely unlikely.
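As an added illustration that is not part of the thread, the model below shows why escalating throttling matters for the weaker PIN: it uses a constructed delay schedule (an assumption for the example, not Weaver's real policy) and computes the worst-case wall-clock time to try every PIN once.

```python
"""Model of hardware-backed unlock throttling (constructed example)."""

# Assumed, constructed schedule, NOT the real Weaver/Titan M2 policy:
# once the cumulative failure count reaches `threshold`, every further
# attempt must wait `delay_seconds` before the module will check it.
THROTTLE_SCHEDULE = [
    (5, 30),       # after 5 failures: 30 seconds per attempt
    (10, 60),      # after 10 failures: 1 minute per attempt
    (30, 300),     # after 30 failures: 5 minutes per attempt
    (100, 3600),   # after 100 failures: 1 hour per attempt
]


def delay_after(failures: int, schedule=THROTTLE_SCHEDULE) -> int:
    """Seconds the module forces the caller to wait given `failures` so far."""
    delay = 0
    for threshold, secs in schedule:
        if failures >= threshold:
            delay = secs  # schedule is ascending, so the last match wins
    return delay


def seconds_to_exhaust(pin_space: int, schedule=THROTTLE_SCHEDULE) -> int:
    """Worst-case time to try all `pin_space` PINs, counting only wait time.

    Summed tier by tier: tier k applies to attempts made after the k-th
    threshold and before the next one (or the end of the PIN space).
    """
    total = 0
    for i, (threshold, secs) in enumerate(schedule):
        next_threshold = schedule[i + 1][0] if i + 1 < len(schedule) else pin_space
        attempts_in_tier = max(0, min(next_threshold, pin_space) - threshold)
        total += attempts_in_tier * secs
    return total


def years(seconds: int) -> float:
    """Convert seconds to (non-leap) years for readability."""
    return seconds / (365 * 24 * 3600)


if __name__ == "__main__":
    for digits in (4, 6):
        secs = seconds_to_exhaust(10 ** digits)
        print(f"{digits}-digit PIN, throttled worst case: {years(secs):.1f} years")
    # With no throttling at all the wait time collapses to zero, which is why
    # the guarantee rests on the hardware module rather than on the PIN alone.
    print("unthrottled wait time:", seconds_to_exhaust(10 ** 6, schedule=[]))
```

Under this assumed schedule, exhausting a 6-digit PIN space takes over a century of enforced waiting, and even a 4-digit one takes more than a year; removing the throttling (the empty schedule) removes that protection entirely.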
OnlyQuickQuestions If I remember right, the most secure state for a device is after a reboot, before first unlock. If I have auto reboot on, could they abuse this insecure account from question 2 to reset the auto reboot timer over and over again, and because you can't end the session for the owner account, it would never get into this secure state? (Would love a quick explanation of why it is more secure after a reboot.)
Automatic Reboot settings are only available on the Owner profile. User profiles cannot change this.
As for your other questions: Yes. Before First Unlock (BFU) is far more resistant to attacks than After First Unlock (AFU).
An explanation for BFU being more secure is that if the device has not been unlocked even once, then no instances of the keys are anywhere in the device to exploit and no data has been decrypted. The phone would also essentially operate with reduced functionality and attack surface until the first unlock was entered. Before the first unlock, all the data is regarded as being inactive and at rest, so you can't do anything at all with it. When a phone is in BFU, it has way, way higher forensic and exploitation resistance. Certain exploits like the Pixel lockscreen bypass were not possible if the device was BFU.
In the case of a Pixel, the dedicated hardware security module (Titan M2) helps with key management, meaning that an exploit of the Titan M2 would need to be focused on for trying a BFU exploit. This also means it handles BFU way more securely than other devices, even if many other mainstream devices are quite resistant even in BFU state.
User profiles other than Owner can be put into a BFU state by pressing the 'end session' button on the bottom of the lockscreen, which purges the decryption keys and puts all data of that specific profile to rest. This can reduce exploitation of that profile.