Gmail E2EE lands on Android and iOS for enterprise client-side encryption users

Google has extended Gmail’s end-to-end encryption to the Android and iOS apps, letting enterprise users compose and read encrypted messages natively without external tools or mail portals. Recipients on Gmail see the messages in their inbox as normal; recipients on other providers receive them via a browser-based reader. Senders enable it per-message through the lock icon’s ‘Additional encryption’ option.

The feature is gated to Workspace customers with Enterprise Plus licenses plus the Assured Controls or Assured Controls Plus add-on, and admins must enable mobile clients in the client-side encryption (CSE) admin interface. Under the hood it relies on CSE, where messages are encrypted on the client using keys held outside Google’s infrastructure, leaving Google and third parties unable to decrypt content.

The mobile rollout follows the April 2025 beta of Gmail’s E2EE model and an October expansion that allowed encrypted sends to recipients on any email platform. The architecture is targeted at organizations with data sovereignty, HIPAA, or export-control obligations that need cryptographic assurance Google itself cannot read the data.