Delta Android Keysystem !new! -

However, the Delta concept introduces a critical tension: The answer lies in remote attestation with a delta manifest . During each boot, the immutable root measures the Delta module and provides a composite hash to the OS. When a relying party (e.g., a bank server) receives a key attestation certificate, it also receives a signed Delta manifest—a list of the module’s version, author, and security properties. The server can then decide: "I accept Delta v3.1 from a trusted signer, but not v3.0."