I would think that, logically, and as illustrated, "the device wasn't tampered AFTER shipped from manufacturer" means after YOU have shipped it to customers. The anti-tampering system is to prevent modifications in the field.
The point is that if the devices are sensitive with compliance requirements then you must be able to verify them irrespective of who you hired to manufacture them.
You cannot just trust the word of a contractor on this because it's your ass on the line.
Engineering is one thing but it must never trump strategic business thinking. Sometimes the cleverer engineering option is a business death trap.
Any solution that puts your balls into someone else's hands is suicidal.