Fully encrypted email has been available for Gmail in at least some form since late 2022, but now it’s finally ready for mobile. Google does now offers End-to-end encryption (E2EE) for Gmail on Android devices and iPhones.ugh official email program.
The move comes days after Google simplified encryption for desktop Workspace users and follows a similar approach. If both the sender and receiver are using Gmail, encrypted messages will appear as typical email headers. You just need to tap on the lock icon and select “additional encryption”. Recipients not using the Gmail client will be directed to a secure web page to read and reply to those messages.
As with the previous release, end-to-end encryption access is currently limited to organizations using Google Workspace, specifically those using the Enterprise Plus plan with Assured Controls or Assured Controls Plus. Your administrator will need to enable client-side encryption on Android and iOS.
Why is end-to-end encryption important for Gmail?
Not only is it safer, it’s also the law
As Google is keen to explain, there is end-to-end encrypted email has historically been difficult. Companies typically have to implement Secure/Multipurpose Internet Mail Extensions (S/MIME) by issuing security certificates to each user, while users must activate and exchange those certificates before they can start sending email. They may also need to use separate applications and web portals.
Given that some shoppers still have to rely on web browsers, Google’s approach is still not entirely flawless. However, it simplifies the process for both you and your employer’s IT manager. You don’t have to acquire or even understand the certifications—as long as both parties enable the technology, all you need is a quick switch to get started.
The move makes it more likely that you use end-to-end encryption, thus blocking sensitive data (including attachments) the moment you send a message. There should be less chance of criminals or government surveillance agents intercepting your conversations.
It’s not just about maintaining the company’s security policy. In some cases, this may be required by law. Legislation such as the European Union General Data Protection Regulation (GDPR) has strong rules governing privacy and security when handling data. If your employer does not take sufficient precautions to protect sensitive information, there may be legal consequences.
Some governments, including the EU, have data sovereignty laws or initiatives that require at least some data to be kept within their borders. End-to-end encryption reduces the chance that anything you send through Gmail will end up in another country.
