Google has expanded end to end encryption for Gmail to Android and iPhone devices through the official Gmail application. This feature was previously rolled out to desktop users within Workspace and is now available on mobile devices with the same approach.
Access is currently limited to organizations using Google Workspace Enterprise Plus with the Assured Controls or Assured Controls Plus plugin. Administrators must enable client-side encryption on Android and iOS devices before users can start using the feature.
How Gmail end-to-end mobile encryption works
When both the sender and recipient use the Gmail app with end-to-end encryption enabled, encrypted messages appear as regular email threads. Users can tap the lock icon within the compose window and select “additional encryption” to send an encrypted message.
Recipients who do not use the Gmail client are directed to a secure web page to read and reply to the message. Attached files are also protected by encryption. Administrators are responsible for enabling client-side encryption at the organization level. Individual users do not need to obtain, configure, or exchange security certificates.
How is it different from S/MIME?
Traditional business email encryption has typically relied on S/MIME, which requires issuing certificates to each user and exchanging them before being able to send encrypted messages. Google’s approach eliminates this need for Gmail-to-Gmail communication, making the setup process easier for both users and IT teams.
However, this process is not completely seamless for all recipients. Those outside the Gmail app still need to use a browser to access encrypted messages. For Gmail users, the only step once the administrator enables the feature is to turn the encryption option on or off.
Compliance and data protection context
End-to-end encryption in Gmail is particularly relevant for organizations subject to data protection rules such as GDPRthat describes how confidential information should be handled and transmitted. Some regions also have data sovereignty laws that restrict where certain data can be stored or sent. Using E2EE helps reduce the risk of data being intercepted during transmission, which can impact compliance with these regulations.
Google has not provided a timeline for expanding Gmail E2EE access beyond Google Workspace Enterprise Plus or making it available to individual Google accounts.
