At one point it was [1], and I'm not aware that that has changed. I've also a memory of talking to the seL4 team at a NICTA open day, and them saying it was widely deployed on Qualcomm based devices. It's not part of Android per se, sitting underneath Android and acting as a secure hypervisor, so any Android vulnerabilities are contained.
Aren't those billions of Linux/Android instances typically running on top of an seL4 microkernel?