Google has rolled out end-to-end encryption for Gmail to Android and iOS devices, enabling enterprise users to compose, send, and read encrypted emails directly within the Gmail app without needing extra software or portals.[1][2][4][5] This update, announced this week, closes a year-long gap since the feature launched on the web in April 2025, making secure mobile communication as seamless as desktop workflows.[2][4]
The capability targets Google Workspace customers on the Enterprise Plus plan with the Assured Controls or Assured Controls Plus add-on, allowing organizations to handle sensitive data while meeting strict compliance needs like data sovereignty, HIPAA, and export controls.[1][3][4][5] Powered by client-side encryption (CSE), messages and attachments are encrypted on the user's device before reaching Google's servers, ensuring Google cannot access the content since keys are managed externally by the organization.[2][4][6] As Google stated in its blog post, "This launch combines the highest level of privacy and data encryption with a user-friendly experience for all users, enabling simple encrypted email for all customers from small businesses to enterprises and public sector."[1][4][5]
To use it, administrators must first enable Android and iOS access in the Google Admin Console's CSE interface.[1][5] End users then click a lock icon while composing a message, select additional encryption, and proceed normally with text and attachments.[1][4][5] Gmail recipients see messages as standard threads in their app inbox, while external recipients—regardless of their email provider—can access and reply via a secure web browser on any device.[1][2][5] This flexibility supports teams working remotely or on the go, treating mobile users as equals in encrypted exchanges rather than forcing desktop detours.
The rollout is now live for both Rapid Release and Scheduled Release domains, building on prior expansions like October 2025 support for non-Gmail recipients.[2][4] CSE itself traces back to a 2022 beta in Gmail web, following tests in Drive, Docs, Sheets, Meet, and Calendar, with general availability in 2023 for select plans.[4] By eliminating mobile limitations, Google addresses a key pain point for enterprises where decision-makers and field workers alike rely on phones for critical tasks.[2]
This matters for businesses handling confidential information, as it simplifies secure email without complex setups like S/MIME certificates or third-party tools, reducing barriers to adoption across small firms and public sector agencies.[4][5][6] IT teams gain control, including options to restrict external access or revoke permissions like with Google Drive files, preventing data from lingering on unauthorized devices.[6] Affected users include millions on Enterprise Plus plans, who can now maintain compliance on the move.
Looking ahead, organizations should check their Admin Console promptly to activate the feature, with Google's Help Center offering step-by-step guidance.[1][5] As mobile work persists, this positions Gmail as a stronger contender in secure enterprise communication, potentially influencing competitors to match native app encryption.[2][3]