Google is now rolling out end-to-end encryption (E2EE) for Gmail on iOS and Android devices. Previously limited to desktop, this client-side encryption (CSE) feature significantly enhances user privacy by ensuring only the sender and intended recipients can decrypt messages.
This new mobile support is available for users on enterprise Google Workspace plans. While basic Gmail users rely on Transport Layer Security (TLS) for encryption in transit, CSE offers a higher level of security by scrambling messages so that Google itself cannot access them. The decryption key is held by the Workspace plan organizer, not Google.
Users can now compose and read E2EE emails directly within the Gmail mobile app. Recipients with Gmail will see the message in their inbox, while those with other email providers will receive a link to open the encrypted content in their browser. It's important to note that while the email body is fully encrypted, headers, subject lines, and recipient information are not.
To utilize this feature, an organization's administrator must first enable CSE for mobile within their Workspace settings. Once enabled, users can select "Compose," then "Message security," and choose to "Turn on" additional encryption.