Imagine you're playing a CHSH game with someone, although you don't know what quantum system it is that you're playing with, or even what measurements it is that you're doing on the system. You just know that you're getting the average value
(where measurement results of $\pm 1$ are recorded in $A_1$ and $A_2$ by the first player for their two separate measurements, and in $B_1$ and $B_2$ for the second player's two separate measurements). The simple fact that you got this value of $2\sqrt2$ tells you that, in effect, you have a maximally entangled qubit pair, and that your measurements are acting as qubit measurements with the correct relative angles to generate the CHSH result. That's the essence of how device-independent crypto works, as you could now use this "thing that's proven to be equivalent to a Bell pair+measurements" in a standard crypto scheme such as the key distribution protocol of E91.
If, instead, you get some expectation value $2<S\leq2\sqrt2$, then you know that at least some of your answers are being generated in a truly random way (and it gives you a quantitative statement about how much somebody else could know about those randomly generated answers) because if they're not, you'd have to be getting $S\leq 2$.