If they have the hash/derivative they dont need to look on device or even decrypt, theyll know that data with this hash is on device, and presumably 100s of other matching hashes from the same device