Gmail end-to-end encryption reaches Android and iPhone for enterprise users


Google has started rolling out Gmail end-to-end encryption on Android and iPhone, but this is not a feature for regular personal accounts. It is meant for Google Workspace organizations that already use Gmail client-side encryption and have the right enterprise licensing in place.

The main change is that eligible users can now read and write encrypted emails directly inside the Gmail mobile app. They no longer need a separate app or a special mail portal just to handle protected messages on a phone.

Google also says these encrypted emails can go to any recipient, not just Gmail users. If the recipient uses Gmail on mobile, the message arrives in the Gmail app like a normal email. If they use another mail service, they can open and read it in a browser.

What changed with this rollout

This rollout expands a system Google already had on the web. Gmail client-side encryption has been around for Workspace customers for some time, but mobile support was the missing piece for organizations that needed to handle sensitive mail while away from a desk.

Google says the feature is now available on both Android and iOS for Gmail client-side encryption users. Admins still need to enable Android and iOS clients for client-side encryption in the Google Admin console before staff can use it.

To send one of these messages, users need to turn on the Additional encryption option by selecting the lock icon while writing an email. That keeps the experience close to normal Gmail, which is clearly the point of this update. Google wants secure mail to feel less like a specialist tool and more like a built-in option.

Who gets it and why it matters

This is still a premium security feature. Google says it is available for client-side encryption users with Enterprise Plus and the Assured Controls or Assured Controls Plus add-on, after admin setup. That means many businesses will not get it by default, even if they already use Workspace.

The bigger value here is compliance and control. Google says client-side encryption lets organizations keep control of encryption keys outside Google’s servers, which helps with strict regulatory and data sovereignty requirements. The company specifically ties the feature to needs such as HIPAA, export controls, and similar compliance demands.

In practical terms, this rollout makes secure email more usable for staff in the field. Legal teams, public sector workers, healthcare organizations, and regulated businesses can now handle protected messages from a phone without adding another workflow layer. That does not make Gmail encryption universal, but it does make it much easier to use for the customers Google is targeting. This last point is an inference based on Google’s stated audience and compliance framing.

Gmail mobile E2EE at a glance

| Item | Details |
| --- | --- |
| Platforms | Android and iOS |
| Who can use it | Gmail client-side encryption users in eligible Google Workspace plans |
| License requirement | Enterprise Plus with Assured Controls or Assured Controls Plus |
| Admin action needed | Enable Android and iOS clients in the CSE admin interface |
| How to send | Use the lock icon and turn on Additional encryption |
| Recipient experience | Gmail app for Gmail users, browser access for non-Gmail users |

Source: Google Workspace Updates and Gmail CSE support documentation.

Key points

  • This rollout does not bring end-to-end encryption to all Gmail users. It is limited to eligible Workspace enterprise customers.
  • Users can now compose and read encrypted emails natively in the Gmail mobile app.
  • Recipients do not need the same mail provider to read encrypted messages.
  • Admins must enable mobile clients for client-side encryption before employees can use the feature.

FAQ

Is Gmail end-to-end encryption now available for everyone?

No. Google says this rollout is for Gmail client-side encryption users in eligible Google Workspace enterprise plans, not for standard personal Gmail accounts.

Does the recipient need Gmail to read the message?

No. Google says recipients using other mail services can read encrypted messages in a web browser. Gmail recipients can receive them directly in the Gmail app.

Do users need to install another app?

No. Google says users can compose and read these messages directly in the Gmail app on Android and iOS.

Why is Google calling this end-to-end encryption?

Google ties this feature to client-side encryption, where the data is encrypted before it reaches Google’s servers and the organization controls the keys outside Google’s infrastructure.
