"If a banking app sees a device claiming to be a Samsung Galaxy S22, but the vbmeta.digest doesn't match the known signatures for a stock Samsung S22, we know the device is compromised," says a developer for a major fraud detection SDK. "It allows us to distinguish between a user with a custom ROM for fun, and a bot farm operating on a massive scale."
You can find the ro.boot.vbmeta.digest property on an Android device through several methods: ro.boot.vbmeta.digest
In the context of device attestation, ro.boot.vbmeta.digest is a high-entropy value used to detect unauthorized modifications. "If a banking app sees a device claiming