After offering end-to-end encryption for the web, Google Gmail Mail now offers the same end-to-end encryption for Android and iOS apps, allowing mobile users to read and write encrypted emails directly from their smartphones.
Google’s blog post to the effect that:
- While Google Workspace uses Secure by Design encryption libraries to encrypt data at rest and in transit, client-side encryption ensures that you have full control over encryption keys and data access.
- Client-side encryption ensures that sensitive data in the body of your emails and attachments cannot be decrypted by Google servers and that you retain control of your encryption keys and the identity services that access them.
Google says the feature allows users to work with the “most sensitive” data on their mobile devices from anywhere, while still complying with compliance and regulatory requirements. The feature encrypts and digitally signs emails using the S/MIEE protocol before they are sent to Google’s servers.
The feature is described as requiring a Google Workspace subscription and administrator configuration, and is not supported for non-enterprise or education subscribers. The applicable versions are listed below:
- Google Workspace for Enterprise Plus
- Education Plus
- Education Standard
The following versions are not available:
- Essentials
- Business Starter
- Business Standard Plus
- Google Personal Accounts
This feature is disabled by default, eligible users can enable end-to-end encryption by clicking the blue lock icon in the “Subject” column of Gmail, administrators must enable access through the CSE management interface.
