Google’s Android Hypervisor Achieves Highest Security Certification for Consumer Electronics

Google has announced that the protected KVM (pKVM) hypervisor, used within the Android Virtualization Framework, has become the world’s first software component for mass-market consumer electronics to achieve the SESIP Level 5 security certification.

This level affirms the system’s readiness to handle highly critical workloads—including AI computations on personal data—with the highest guarantees of confidentiality and integrity.

The evaluation was conducted by the international laboratory Dekra under the TrustCB SESIP scheme, aligned with the EN-17927 standard. SESIP Level 5 encompasses AVA_VAN.5—the highest category of vulnerability assessment and penetration testing under ISO 15408 (Common Criteria). This denotes resilience against attacks by highly skilled and well-equipped adversaries, including those with insider knowledge and physical access.

According to Google, many Trusted Execution Environments (TEEs) in the industry are either uncertified or certified at a lower security tier, complicating the development of mission-critical applications. pKVM changes this dynamic by providing a unified, open, and high-quality foundation on which manufacturers can build secure devices.

In the future, Android devices will be required to employ isolation technologies with an equivalent level of certification to perform core security operations. This will ensure uniformity, transparency, and verifiable protection for all users.

The project is the culmination of years of work by Linux and KVM developers, alongside Google’s engineering teams involved in creating pKVM and AVF. The company anticipates that the open-source community and the Android ecosystem will continue to build upon this foundation, ushering in a new era of highly reliable mobile technology.