Fully encrypted email has been available at least in some form for Gmail since late 2022, but now it’s finally ready for mobile devices. Google is now offering End-to-end encryption (E2EE) for Gmail on Android and iPhone devices viayough the official email application.
The move comes days after Google simplified encryption for Workspace users on the desktop and follows a similar approach. If both the sender and recipient use the Gmail app, encrypted messages will appear like typical email threads. Just tap the lock icon and choose “additional encryption.” Recipients who do not use the Gmail client will be sent to a secure web page to read and reply to those messages.
As with the previous implementation, access to end-to-end encryption is currently limited to organizations using Google Workspace, particularly those using an Enterprise Plus plan with the Assured Controls or Assured Controls Plus add-on. Your administrator will need to enable client-side encryption on Android and iOS.
Why is end-to-end encryption important for Gmail?
It’s not just safer, it’s the law.
As Google is eager to explain, end-to-end encrypted email has historically it has been difficult. Typically, enterprises have needed to implement Secure/Multipurpose Internet Mail Extensions (S/MIME) by issuing security certificates to each user, while users have to enable and exchange those certificates before they can start sending emails. They may also need to use separate applications and web portals.
Google’s approach is still not completely seamless, as some recipients still have to rely on web browsers. However, it streamlines the process for both you and your employer’s IT administrator. Certificates do not need to be obtained or understood; As long as both parties have the technology enabled, all you need is a quick change to get started.
The move makes it more likely to use end-to-end encryption and therefore block sensitive data (including attachments) at the time you send a message. There should be less chance of criminals or government surveillance agents intercepting your conversations.
It’s not just about maintaining the company’s security policies. In some cases, this may be required by law. Legislation like that of the European Union General Data Protection Regulation (GDPR) has firm rules governing privacy and security when handling information. There may be legal consequences if your employer does not do enough to protect sensitive data.
Some governments, including the EU, also have data sovereignty laws or initiatives that require storing at least some data within their borders. End-to-end encryption reduces the chances that something you send through Gmail will reach another country.
