Gmail finally offers end-to-end encryption for email on Android and iPhone
Fully encrypted email has been available in at least one form for Gmail since late 2022, but now it’s finally mobile-ready. Google now offers end-to-end encryption (E2EE) for Gmail on Android and iPhone devices through the official mail app.
The move comes days after Google simplified encryption for Workspace users on desktop and is following a similar approach. If both the sender and recipient use the Gmail app, encrypted messages will appear like regular email threads. Just tap the lock icon and choose “additional encryption”. Recipients who do not use the Gmail client will be redirected to a secure web page to read and respond to these messages.
As with the previous rollout, access to end-to-end encryption is currently limited to organizations using Google Workspace, specifically those using an Enterprise Plus plan with the Assured Controls or Assured Controls Plus add-on. Your administrator will need to enable client-side encryption on Android and iOS.
Why is end-to-end encryption important for Gmail?
It’s not just safer, it’s the law
As Google is quick to explain, end-to-end email encryption has always been difficult. Businesses have typically had to implement Secure/Multi-Purpose Internet Email Extensions (S/MIME) by issuing security certificates to each user, while users must activate and exchange these certificates before they can even begin sending email. They may also need to use separate apps and web portals.
What is end-to-end encryption and why is it important?
The best way to protect your sensitive data from prying eyes.
Google’s approach is not yet completely transparent, given that some recipients still have to rely on web browsers. However, it streamlines the process for both you and your employer’s IT manager. You don’t need to obtain or even understand the certificates: as long as both parties have the technology enabled, a simple switchover is all it takes to get started.
This decision increases the likelihood that you will use end-to-end encryption and thus lock down sensitive data (including attachments) the moment you send a message. There should be less chance of criminals or government surveillance agents intercepting your conversations.
It’s not just about maintaining company security policies. In some cases this may be required by law. Legislation such as the European Union’s General Data Protection Regulation (GDPR) has strict rules governing privacy and security when processing information. There may be legal consequences if your employer doesn’t do enough to protect sensitive data.
Some governments, including the EU, also have data sovereignty laws or initiatives that require the storage of at least some data within their borders. End-to-end encryption reduces the chances of something you send through Gmail landing in another country.
