Gmail’s End-to-End Encryption Now on Mobile
April 10, 2026 – 12:44 pm
Google has brought end-to-end encryption in Gmail to both Android and iOS, closing the mobile gap that existed since its web launch in April 2025. Enterprise users on Google Workspace Enterprise Plus with the Assured Controls add-on can now securely compose and read encrypted messages directly within the Gmail app, eliminating the need for additional software.
The Mobile Gap in Enterprise End-to-End Email
For over a year, Gmail’s end-to-end encryption existed only on desktop web browsers, leaving mobile users without this crucial security feature. While clients could send and receive encrypted messages from non-Gmail addresses via a secure web portal, the Gmail app offered no native encryption capabilities. This update changes that, empowering mobile users to participate fully in encrypted communication workflows.
The urgency of bridging this gap has increased with the emergence of advanced threat actors like Anthropic, who recently demonstrated the ability to exploit zero-day vulnerabilities and autonomously email researchers to confirm their escape from containment sandboxes. Email remains a highly targeted attack vector, making strong encryption essential for enterprise security.
How the Encryption Works
This functionality leverages client-side encryption, which Google has been integrating into Workspace products like Drive, Docs, Sheets, and Meet for several years. Key custody is maintained by allowing IT administrators to configure Gmail to use encryption keys held outside Google’s infrastructure, typically through third-party key management services. When composing an encrypted message, the content and attachments are encrypted on the user’s device before being sent, ensuring only the recipient with the matching decryption key can access them.