diff --git a/components/wifi_provisioning/include/wifi_provisioning/manager.h b/components/wifi_provisioning/include/wifi_provisioning/manager.h
index 417ff3af8e..a2870cff01 100644
--- a/components/wifi_provisioning/include/wifi_provisioning/manager.h
+++ b/components/wifi_provisioning/include/wifi_provisioning/manager.h
@@ -188,11 +188,13 @@ typedef struct {
  * These are same as the security modes provided by protocomm
  */
 typedef enum wifi_prov_security {
+#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_0
     /**
      * No security (plain-text communication)
      */
     WIFI_PROV_SECURITY_0 = 0,
-
+#endif
+#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_1
     /**
      * This secure communication mode consists of
      *   X25519 key exchange
@@ -200,16 +202,27 @@ typedef enum wifi_prov_security {
      * + AES-CTR encryption
      */
     WIFI_PROV_SECURITY_1,
-
+#endif
+#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_2
     /**
      * This secure communication mode consists of
      *  SRP6a based authentication and key exchange
      *  + AES-GCM encryption/decryption
      */
     WIFI_PROV_SECURITY_2
+#endif
 } wifi_prov_security_t;
 
-typedef protocomm_security1_params_t wifi_prov_security1_params_t;
+/**
+ * @brief  Security 1 params structure
+ *         This needs to be passed when using WIFI_PROV_SECURITY_1
+ */
+typedef const char wifi_prov_security1_params_t;
+
+/**
+ * @brief  Security 2 params structure
+ *         This needs to be passed when using WIFI_PROV_SECURITY_2
+ */
 typedef protocomm_security2_params_t wifi_prov_security2_params_t;
 
 /**
diff --git a/components/wifi_provisioning/src/manager.c b/components/wifi_provisioning/src/manager.c
index 1d36a38b0a..13074a1fd0 100644
--- a/components/wifi_provisioning/src/manager.c
+++ b/components/wifi_provisioning/src/manager.c
@@ -600,6 +600,12 @@ static bool wifi_prov_mgr_stop_service(bool blocking)
 
     /* Free proof of possession */
     if (prov_ctx->protocomm_sec_params) {
+        if (prov_ctx->security == 1) {
+            // In case of security 1 we keep an internal copy of "pop".
+            // Hence free it at this point
+            uint8_t *pop = (uint8_t *)((protocomm_security1_params_t *) prov_ctx->protocomm_sec_params)->data;
+            free(pop);
+        }
         prov_ctx->protocomm_sec_params = NULL;
     }
 
@@ -1474,20 +1480,38 @@ esp_err_t wifi_prov_mgr_start_provisioning(wifi_prov_security_t security, const
         goto err;
     }
 
+#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_0
     /* Initialize app data */
     if (security == WIFI_PROV_SECURITY_0) {
         prov_ctx->mgr_info.capabilities.no_sec = true;
-    } else if (security == WIFI_PROV_SECURITY_1) {
+    } else
+#endif
+#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_1
+    if (security == WIFI_PROV_SECURITY_1) {
         if (wifi_prov_sec_params) {
-            prov_ctx->protocomm_sec_params = wifi_prov_sec_params;
+            static protocomm_security1_params_t sec1_params;
+            // Generate internal copy of "pop", that shall be freed at the end
+            char *pop = strdup(wifi_prov_sec_params);
+            if (pop == NULL) {
+                ESP_LOGE(TAG, "Failed to allocate memory for pop");
+                ret = ESP_ERR_NO_MEM;
+                goto err;
+            }
+            sec1_params.data = (const uint8_t *)pop;
+            sec1_params.len = strlen(pop);
+            prov_ctx->protocomm_sec_params = (const void *) &sec1_params;
         } else {
             prov_ctx->mgr_info.capabilities.no_pop = true;
         }
-    } else if (security == WIFI_PROV_SECURITY_2) {
+    } else
+#endif
+#ifdef CONFIG_ESP_PROTOCOMM_SUPPORT_SECURITY_VERSION_2
+    if (security == WIFI_PROV_SECURITY_2) {
         if (wifi_prov_sec_params) {
             prov_ctx->protocomm_sec_params = wifi_prov_sec_params;
         }
     }
+#endif
     prov_ctx->security = security;
 
 
diff --git a/docs/en/api-reference/provisioning/provisioning.rst b/docs/en/api-reference/provisioning/provisioning.rst
index 29d136992a..d4f373f943 100644
--- a/docs/en/api-reference/provisioning/provisioning.rst
+++ b/docs/en/api-reference/provisioning/provisioning.rst
@@ -146,7 +146,6 @@ Security1 scheme details are shown in the below sequence diagram -
         CLIENT -> CLIENT [label = "Verify Device", rightnote = "check (cli_pubkey == aes_ctr_dec(dev_verify...)"];
     }
 
-.. note:: We shall soon migrate to ``Security2 scheme`` as the default scheme in our examples as it provides enhanced security. This change shall be done once we have our phone apps (Android/iOS) upgraded to handle ``Security2 scheme``.
 
 Security2 Scheme
 >>>>>>>>>>>>>>>>
diff --git a/docs/en/migration-guides/release-5.x/provisioning.rst b/docs/en/migration-guides/release-5.x/provisioning.rst
index 84f51af72d..f9950203ce 100644
--- a/docs/en/migration-guides/release-5.x/provisioning.rst
+++ b/docs/en/migration-guides/release-5.x/provisioning.rst
@@ -14,8 +14,7 @@ Wi-Fi Provisioning
 ------------------
 
 .. list::
-    * The ``pop`` field in the :cpp:func:`wifi_prov_mgr_start_provisioning` API is now deprecated. Please use the ``wifi_prov_sec_params`` field instead of ``pop``. This parameter should contain the structure (containing the security parameters) as required by the protocol version used. For example, when using security version 2, the ``wifi_prov_sec_params`` parameter should contain the pointer to the structure of type :cpp:type:`wifi_prov_security2_params_t`.
-
+    * The ``pop`` field in the :cpp:func:`wifi_prov_mgr_start_provisioning` API is now deprecated. For backward compatibility, ``pop`` can be still passed as a string for security1. However for Security2 the ``wifi_prov_sec_params`` argument needs to be passed instead of ``pop``. This parameter should contain the structure (containing the security parameters) as required by the protocol version used. For example, when using security version 2, the ``wifi_prov_sec_params`` parameter should contain the pointer to the structure of type :cpp:type:`wifi_prov_security2_params_t`. For security 1 the behaviour and the usage of the API remains same.
     * The API :cpp:func:`wifi_prov_mgr_is_provisioned` does not return :c:macro:`ESP_ERR_INVALID_STATE` error any more. This API now works without any dependency on provisioning manager initialization state.
 
 ESP Local Control
diff --git a/examples/provisioning/wifi_prov_mgr/main/app_main.c b/examples/provisioning/wifi_prov_mgr/main/app_main.c
index 9f17dfe1b2..8b20a640da 100644
--- a/examples/provisioning/wifi_prov_mgr/main/app_main.c
+++ b/examples/provisioning/wifi_prov_mgr/main/app_main.c
@@ -343,11 +343,8 @@ void app_main(void)
          * for the protocomm security 1.
          * This does not need not be static i.e. could be dynamically allocated
          */
-        wifi_prov_security1_params_t sec1_params = {
-            .data = (const uint8_t *)pop,
-            .len = strlen(pop),
-        };
-        wifi_prov_security1_params_t *sec_params = &sec1_params;
+        wifi_prov_security1_params_t *sec_params = pop;
+
         const char *username  = NULL;
 
 #elif CONFIG_EXAMPLE_PROV_SECURITY_VERSION_2