Google said Gmail client-side encryption (CSE) is now available for Android and iOS devices, giving users more control over encryption keys and data access.
Previously, client-side encryption was added to the web version of Gmail earlier this year, allowing users to read and write encrypted emails directly from their devices.
Google says that while Workspace encrypts data at rest and in transit using cryptographic libraries that are secure by design, client-side encryption ensures you have full control over encryption keys. encryption and access to your data. Client-side encryption ensures sensitive data in email bodies and attachments cannot be decrypted by Google servers – you retain control of encryption keys and the identity service to access them .
This feature is available to Google Workspace Enterprise Plus, Education Plus, and Education Standard users. Client-side encryption is not supported on other Workspace editions such as Essentials, Business Starter, Business Standard Plus… Additionally, this feature is not available for users with personal Google accounts.
This feature allows “users to work with your most sensitive data from anywhere on mobile devices”, using the S/MIME protocol to encrypt and digitally sign emails before sending them to Google servers.
While composing an email on Gmail for Android or iOS, eligible users can enable client-side encryption by tapping the blue lock icon present in the subject field. However, this feature is disabled by default, so administrators will have to enable access through the CSE administration interface.