Google announced this week that Android’s protected KVM (pKVM) has achieved SESIP Level 5 certification, claiming that it’s the first widely deployed security system to earn this level of assurance.
The Security Evaluation Standard for IoT Platforms (SESIP) is a security evaluation and certification framework designed for IoT products. SESIP defines five levels, from Level 1, which is based on self assessment, up to Levels 4 and 5, which require a rigorous evaluation.
“Achieving SESIP Level 5 is a landmark because it incorporates AVA_VAN.5, the highest level of vulnerability analysis and penetration testing under the ISO 15408 (Common Criteria) standard,” Google explained.
It added, “A system certified to this level has been evaluated to be resistant to highly skilled, knowledgeable, well-motivated, and well-funded attackers who may have insider knowledge and access.”
pKVM is a security-focused virtualization technology used by Android for confidential computing, ensuring that sensitive data and processes remain protected even if the operating system is compromised.
The level of protection provided by pKVM can be very useful for organizations developing applications that handle sensitive data.
For users, the SESIP 5 level certification means their personal data, including information processed by on-device AI, is more secure.
Related: Android’s August 2025 Update Patches Exploited Qualcomm Vulnerability
Related: Iranian APT Targets Android Users With New Variants of DCHSpy Spyware
Related: July 2025 Breaks a Decade of Monthly Android Patches
Related: Undetectable Android Spyware Backfires, Leaks 62,000 User Logins
Source: securityweek.com
