FaceTime Like a Pro
Get our exclusive Ultimate FaceTime Guide 📚 — absolutely FREE when you sign up for our newsletter below.
iGeeksBlog
Gmail now supports end-to-end encryption, but there’s a catch
I tested Gmail’s new end-to-end encryption on Android and iPhone and it turns out to be less about personal privacy. Here's everything to know!
Explore with AI:
Google has announced expanding Gmail end-to-end encryption (E2EE) to Android and iOS devices, so I thought it had finally gone full privacy mode. Five minutes into testing, I realized it’s something else.
The feature looks like a breakthrough on the surface with a clean little lock icon and a simple toggle. But it’s not for all users. Here’s how Gmail end-to-end encryption works, who can use this, and why it matters.
What is Gmail’s end-to-end encryption (E2EE)?
Let me explain it in simple terms. End-to-End Encryption (E2EE) means your message is locked before it leaves your device, and only the recipient can unlock it. Even the platform shouldn’t be able to read it.
Before this update, Gmail already used CSE on desktop. But once stored. So, it was not possible to directly send or access encrypted emails from a mobile device. I used to use third-party apps and external mail portals for additional security.
The new email system in Gmail makes use of client-side encryption on Android and iOS, meaning:
- Emails are encrypted before reaching Google servers
- The content (body + attachments) stays encrypted at rest
- Keys are controlled by your organization, not Google
Thus, this new system helps businesses and organizations that need compliance (GDPR, data sovereignty, etc.) simplify workflow on mobile devices. No need for complex traditional encryption like S/MIME or certificates for each user.
How to enable and use Gmail end-to-end encryption
This is where things get real, because unlike most features in Gmail, this one doesn’t start with a toggle. When I first tried enabling it, I realized quickly that only my Workspace admin has control over it.
Once that hurdle is cleared, though, the actual usage is surprisingly simple, and that contrast is exactly what defines Gmail’s E2EE experience.
Requirements
You need:
- Google Workspace Enterprise Plus with the Assured Controls or Assured Controls Plus add-on
- Admin-enabled client-side encryption for Android and iOS devices
- Configure encryption settings, like guest access for external recipients
Once it’s set up, the flow becomes familiar again.
- Open Gmail on your iPhone or Android.
- Tap Compose, write your mail along with attachments, and add the recipients.
- Now, select the lock icon and toggle on Additional Encryption.
- Finally, send the email.
If the recipient uses Gmail (mobile or web), the email appears like a normal thread. For other email providers, Google sends a secure link instead of a standard email body. The recipient can open it in a browser, verify their identity (code or login), then read and reply securely.
That’s a big usability win!
Things I learned after testing it
This is where my expectations got challenged.
- It’s not true plug-and-play encryption: I expected WhatsApp-level simplicity. Instead, it needs admin setup and key configuration. Therefore, this is infrastructure, not a feature.
- Not fully decentralized encryption: Technically, emails are encrypted before reaching Google. However, metadata can still be seen, and admin control is possible.
- External email experience feels clunky: When I sent encrypted emails outside Gmail, recipients got a secure portal link instead of a normal email. Yes, it’s secure. But it breaks the simplicity of email.
- It solves compliance, not privacy: This was my biggest realization. Google didn’t build this for anonymous communication or personal privacy. They offered it for enterprise control.
However, you want privacy for your personal emails, I recommend using secure apps like Proton Mail and Signal.
Gmail encryption vs. Proton Mail vs. Signal
After testing side-by-side:
| Feature | Gmail E2EE | Proton Mail | Signal |
|---|---|---|---|
| Default E2EE | No | Yes | Yes |
| Setup complexity | Medium–High | Low | Very Low |
| Key ownership | Org-controlled | User-controlled | User-controlled |
| Metadata hidden | No | Mostly | Yes |
| Works for everyone | No | Yes | Yes |
Who should actually use Gmail encryption?
After testing it end-to-end, here’s my clear stance:
Use it if you:
- Use Google Workspace for your business
- Need compliance-grade security
- Want encryption without S/MIME headaches
Avoid relying on it if you:
- Want full personal privacy
- Expect zero-knowledge encryption
- Want seamless messaging
In those cases, Proton Mail still wins for email, whereas Signal dominates messaging.
Final thoughts
After spending time with Gmail’s new encryption, I walked away with mixed feelings.
On one hand, I genuinely like what Google has done here. Once everything is set up, it’s shockingly easy to use. Just tap a lock and send.
However, not everybody can use this. It’s controlled, enterprise-focused, and still comes with boundaries. I wish this rollout to standard Gmail for all users in the near future.
Do you also want default end-to-end encryption, like WhatsApp, for your personal emails? Let me know your thoughts below!
More Like This:
Explore with AI:
Ava Biswas
Articles: 630
Related Posts
