In context: Encryption underpins most of today's digital world, but it still lacks widespread support for email-based communications. Google is trying to further expand encryption's reach through its Gmail platform, which is now providing additional security on mobile devices as well.
A few months after introducing end-to-end encryption (E2EE) to Gmail's web platform, Google is doing the same to mobile apps. The company recently confirmed that Android and iOS users can now safely encrypt their email-based conversations, although they will still need to be part of an organization paying for the Google Workspace service and related E2EE extensions.
Workspace users can now natively manage, send, and receive encrypted emails without leaving the familiar Gmail interface, Google said. The message will ultimately be delivered to any recipient, no matter the email platform they use. However, the delivery experience will change accordingly.
If the recipient is also a Gmail user, they will be able to transparently view the message just like any typical email thread in the inbox. If the recipient is using a "guest" email platform, they will be redirected to a secure web session where the encrypted message will be shown. It's not exactly an ideal way to manage encrypted emails, but Google still considers the web-based solution a secure, user-friendly experience that can preserve the standard E2EE requirements.
End-to-end encryption provides greater security and privacy in personal or professional communications. When implemented correctly, an E2EE system should guarantee that only the sender and the "intended" recipient can decode and read a message. Google describes E2EE on Gmail as the highest level of privacy and data encryption available on the platform, and an increasingly important requirement for small businesses, enterprise organizations, and the public sector.
Gmail E2EE for mobile apps is now generally available for Workspace-based organizations paying for the Enterprise Plus plan, using either the Assured Controls or Assured Controls Plus add-ons. IT admins can enable or manage the feature on certified clients through their CSE admin console. Meanwhile, end users on certified devices can just tap on the "lock" icon and select additional encryption to compose an encrypted message.
Google's Gmail implementation of managed encryption is named Client-side Encryption (CSE). The CSE service provides enterprise customers and their admins with the tools to set up their own properly encrypted communication platform. They will also be required to obtain a pair of valid encryption keys from third-party service providers.