Client-side encryption in Gmail is now available on mobile devices

What’s changing 

We’re expanding client-side encryption in Gmail to Android and iOS devices, so you can read and write encrypted messages directly from your device. This allows your users to work with your most sensitive data from anywhere on their mobile devices while adhering to compliance and regulatory requirements. The Gmail mobile apps support encrypted mail natively, so users don't need to download multiple apps, or navigate to an external portal, to access their encrypted messages. 


While Workspace encrypts data at rest and in transit by using secure-by-design cryptographic libraries, client-side encryption ensures that you have sole control over encryption keys and access to your data. Client-side encryption ensures sensitive data in the email body and attachments are indecipherable to Google servers — you retain control over encryption keys and the identity service to access those keys. For more information, check out our original announcement and the Workspace blog.


Getting started

  • Admins: Admin will need to enable the Android and iOS clients in the CSE admin interface in order for users to have access. This can be done in the Admin Console by going to Security > Access and data control > Client-side encryption > Identity provider configuration. 
  • End users: To add client-side encryption to any message, click the lock icon and select additional encryption, and compose your message and add attachments as normal. Visit the Help Center to learn more about using client-side encryption for Gmail.