To be 100% sure,

1) Have device in hand

2) Mine to your own address (the manufacturer does not know) at a your choice of pool

3) Read all outgoing packets and ensure it's only sent to the selected pool. If there are packets sent to unknown places, the manufacturer could be receiving info on your pool/address and send some of their own hash to the same pool/address..

4) If hash rate at pool is up to spec, it can be considered verified.