At one point it was [1], and I'm not aware that that has changed. I've also a memory of talking to the seL4 team at a NICTA open day, and them saying it was widely deployed on Qualcomm based devices. It's not part of Android per se, sitting underneath Android and acting as a secure hypervisor, so any Android vulnerabilities are contained.

[1] https://web.archive.org/web/20120211210405/http://www.ok-lab...