Gmail adds end‑to‑end mobile encryption

Email is usually protected like a locked truck in transit, not a locked briefcase only the sender and recipient can open. Google said on April 9 it is rolling out that briefcase-style protection for Gmail on Android and iOS through its client-side encryption system. (workspaceupdates.googleblog.com) Google’s update lets eligible users read and write encrypted Gmail messages inside the native Gmail app on Android and iPhone, instead of using a separate app or a web portal. Google said the feature is for Gmail client-side encryption users in Google Workspace. (workspaceupdates.googleblog.com) In Gmail’s standard setup, Google says messages are encrypted at rest in its data centers and use Transport Layer Security, or encrypted transit, when mail moves between providers. In client-side encryption, Google says encryption happens on the user’s device or browser before data reaches Google’s servers, and Google does not get the private keys or decrypted content. (support.google.com, support.google.com, support.google.com) Google has been building this system in stages for business and education customers. Gmail client-side encryption became generally available on the web on February 28, 2023, mobile support first reached Android and iOS on September 29, 2023, and administrators got a setting on February 29, 2024 to make encryption the default for new mobile emails. (workspaceupdates.googleblog.com, workspaceupdates.googleblog.com, workspaceupdates.googleblog.com) The current push is aimed at organizations that handle regulated or sensitive information on phones, where employees often approve contracts, send internal updates, or review case files away from a laptop. Google framed the mobile rollout around sovereignty, compliance, and keeping sensitive data protected while people work from anywhere. (workspaceupdates.googleblog.com) This is not the same as turning on end-to-end encryption for every Gmail user with a personal account. Google’s help pages tie Gmail client-side encryption to Google Workspace administration, an external key service, and an identity provider that authenticates users before they can encrypt or open protected content. (support.google.com, support.google.com) Google has also been widening who can receive these messages. In October 2025, the company said Gmail client-side encryption users could send encrypted email to any recipient, including people on other email providers, through a guest-account access flow rather than a key exchange. (workspaceupdates.googleblog.com) The mobile change closes one of the practical gaps in that system: people who rely on phones can now handle encrypted Gmail inside the app Google already ships. For companies already paying for the right Google Workspace tiers and managing their own keys, that means one less reason to route sensitive mail through separate tools. (workspaceupdates.googleblog.com, workspaceupdates.googleblog.com)