Skip to main content
TechnologyApr 13, 2026· 2 min read

Gmail, native end-to-end encryption arrives on Android and iOS: how to activate it

Google has officially announced the extension of Client-Side Encryption (CSE) for Gmail to Android and iOS platforms. This move allows enterprise users to manage end-to-end encryption (E2EE) protected communications directly from the native mobile application, thus avoiding the need to use external services or web applications for decryption. This implementation aims to ensure data sovereignty, ensuring that organizations maintain exclusive control over encryption keys.

Unlike standard encryption, Google Workspace's CSE technology requires that data and attachments are encrypted locally on the sender's device before being transmitted to the Mountain View servers. Since the encryption keys are stored with an external key management service controlled by the organization (and therefore outside Google's perimeter), the service provider has no technical means to access the clear content of the emails. This architecture is critical for entities operating under strict regulatory regimes, such as the public sector, healthcare, or entities subject to export controls.

Gmail CSE: Client-side encryption reaches Android and iOS

The user experience on mobile mirrors what has already been seen on the desktop version of the client. To compose a protected message, the user must select the lock icon and enable the additional encryption option. From that moment, composition and sending proceed normally. The system intelligently manages the receipt: if the recipient uses the Gmail app, the message appears as a normal thread in the inbox.

For contacts who do not use Google's mobile app or rely on different email providers, the process remains simplified. They can view and respond to encrypted emails directly through their mobile browser, maintaining the integrity of end-to-end protection without needing to install specific software. This interoperability, already hinted at in previous announcements regarding the web version, now becomes a pillar of mobile productivity for enterprise licenses.

Activating the feature is not automatic and requires administrator intervention in the Google Workspace management console. Admins must explicitly enable Android and iOS clients within the CSE interface. Once the deployment is authorized, the function becomes visible to end-users with compatible licenses.

Currently, support for client-side encryption on mobile is reserved for Enterprise Plus subscriptions that include the Assured Controls or Assured Controls Plus add-ons. The roll-out is already underway and affects both domains enrolled in the Rapid Release channel and those in Scheduled Release. The development path of CSE technology thus reaches a significant maturity phase, following the beta debut on the web at the end of 2022 and the subsequent stable release on Drive, Docs, and Meet at the beginning of 2023.

From 80 Man-Months to Just a Few Hours: AI is Transforming the Design of NVIDIA ChipsHP Laptop with 32GB of RAM and Core i5 for €669, plus an ASUS anti MacBook Air at an exceptional price