Gmail now supports end-to-end encryption, but there’s a catch

    Ava Biswas

    I tested Gmail’s new end-to-end encryption on Android and iPhone and it turns out to be less about personal privacy. Here’s everything to know!


    Google has announced that it is expanding Gmail end-to-end encryption (E2EE) to Android and iOS devices, so I thought it had finally gone full privacy mode. Five minutes into testing, I realized it’s something else.

    The feature looks like a breakthrough on the surface, with a clean little lock icon and a simple toggle. But it’s not for all users. Here’s how Gmail end-to-end encryption works, who can use it, and why it matters.

    What is Gmail’s end-to-end encryption (E2EE)?

    Let me explain it in simple terms. End-to-End Encryption (E2EE) means your message is locked before it leaves your device, and only the recipient can unlock it. Even the platform shouldn’t be able to read it.

    Before this update, Gmail already used client-side encryption (CSE) on desktop. But once stored. So, it was not possible to directly send or access encrypted emails from a mobile device. I used to use third-party apps and external mail portals for additional security.

    The new email system in Gmail makes use of client-side encryption on Android and iOS, meaning:

    • Emails are encrypted before reaching Google servers
    • The content (body + attachments) stays encrypted at rest
    • Keys are controlled by your organization, not Google

    Thus, this new system helps businesses and organizations that need compliance (GDPR, data sovereignty, etc.) simplify their workflow on mobile devices. There is no need for complex traditional encryption like S/MIME or certificates for each user.

    How to enable and use Gmail end-to-end encryption

    This is where things get real, because unlike most features in Gmail, this one doesn’t start with a toggle. When I first tried enabling it, I realized quickly that only my Workspace admin has control over it.

    Once that hurdle is cleared, though, the actual usage is surprisingly simple, and that contrast is exactly what defines Gmail’s E2EE experience.

    Requirements

    You need:

    • Google Workspace Enterprise Plus with the Assured Controls or Assured Controls Plus add-on
    • Admin-enabled client-side encryption for Android and iOS devices
    • Encryption settings configured, such as guest access for external recipients

    Once it’s set up, the flow becomes familiar again.

    1. Open Gmail on your iPhone or Android.
    2. Tap Compose, write your mail along with attachments, and add the recipients.
    3. Now, select the lock icon and toggle on Additional Encryption.
    4. Finally, send the email.

    If the recipient uses Gmail (mobile or web), the email appears like a normal thread. For other email providers, Google sends a secure link instead of a standard email body. The recipient can open it in a browser, verify their identity (code or login), then read and reply securely.

    That’s a big usability win!

    Things I learned after testing it

    This is where my expectations got challenged.

    • It’s not true plug-and-play encryption: I expected WhatsApp-level simplicity. Instead, it needs admin setup and key configuration. Therefore, this is infrastructure, not a feature.
    • Not fully decentralized encryption: Technically, emails are encrypted before reaching Google. However, metadata can still be seen, and admin control is possible.
    • External email experience feels clunky: When I sent encrypted emails outside Gmail, recipients got a secure portal link instead of a normal email. Yes, it’s secure. But it breaks the simplicity of email.
    • It solves compliance, not privacy: This was my biggest realization. Google didn’t build this for anonymous communication or personal privacy. They offered it for enterprise control.
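
A simplified model of the arrangement described above (body encrypted on the device, key held by the organization, metadata still visible), as an added example that is not Google's implementation and not code from the original article. The key service, function names and sample message are hypothetical, and keeping headers in the clear is an assumption of the model.

```javascript
// Added illustration: a conceptual model of client-side encryption with an
// organization-held key. Not Google's code; every name here is hypothetical.
const nodeCrypto = require('node:crypto');

// AES-256-GCM helpers (authenticated encryption with a random 96-bit nonce).
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}
function unseal(key, { iv, ct, tag }) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]); // throws on wrong key
}

// Key service operated by the organization: only it holds the wrapping key.
class OrgKeyService {
  constructor() { this.kek = nodeCrypto.randomBytes(32); }
  wrap(dek) { return seal(this.kek, dek); }
  unwrap(wrapped) { return unseal(this.kek, wrapped); }
}

// Sender's device: encrypt the body under a fresh data key, then have the
// organization's service wrap that key. Headers stay in the clear (assumption).
function composeEncrypted(keyService, headers, body) {
  const dek = nodeCrypto.randomBytes(32);
  return { headers, body: seal(dek, Buffer.from(body, 'utf8')), wrappedDek: keyService.wrap(dek) };
}

// Whoever the key service unwraps for (recipient or the org itself) can read.
function readBody(keyService, stored) {
  try {
    return unseal(keyService.unwrap(stored.wrappedDek), stored.body).toString('utf8');
  } catch {
    return null; // authentication tag mismatch: not the organization's key
  }
}

// Constructed sample message, viewed from each party's position.
function demo() {
  const org = new OrgKeyService();
  const stored = composeEncrypted(org, { to: 'bob@example.com', subject: 'Q3 audit' }, 'draft findings');
  return {
    providerSeesSubject: stored.headers.subject,                 // metadata is visible
    providerSeesBody: stored.body.ct.includes('draft findings'), // plaintext not in stored bytes
    withOrgKey: readBody(org, stored),                           // organization key decrypts
    withOtherKey: readBody(new OrgKeyService(), stored),         // any other key fails
  };
}
console.log(demo());
```

The stored message is unreadable to the mail provider, but whoever runs the key service decides who can unwrap the data key, which is why this design serves enterprise control and not personal privacy.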

    However, if you want privacy for your personal emails, I recommend using secure apps like Proton Mail and Signal.

    Gmail encryption vs. Proton Mail vs. Signal

    After testing side-by-side:

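    | Feature            | Gmail E2EE     | Proton Mail     | Signal          |
    |--------------------|----------------|-----------------|-----------------|
    | Default E2EE       | No             | Yes             | Yes             |
    | Setup complexity   | Medium–High    | Low             | Very Low        |
    | Key ownership      | Org-controlled | User-controlled | User-controlled |
    | Metadata hidden    | No             | Mostly          | Yes             |
    | Works for everyone | No             | Yes             | Yes             |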

    Who should actually use Gmail encryption?

    After testing it end-to-end, here’s my clear stance:

    Use it if you:

    • Use Google Workspace for your business
    • Need compliance-grade security
    • Want encryption without S/MIME headaches

    Avoid relying on it if you:

    • Want full personal privacy
    • Expect zero-knowledge encryption
    • Want seamless messaging

    In those cases, Proton Mail still wins for email, whereas Signal dominates messaging.

    Final thoughts

    After spending time with Gmail’s new encryption, I walked away with mixed feelings.

    On one hand, I genuinely like what Google has done here. Once everything is set up, it’s shockingly easy to use. Just tap a lock and send.

    However, not everybody can use this. It’s controlled, enterprise-focused, and still comes with boundaries. I wish this would roll out to standard Gmail for all users in the near future.

    Do you also want default end-to-end encryption, like WhatsApp, for your personal emails? Let me know your thoughts below!


    Written by

    Ava Biswas

    Ava is a die-hard Apple aficionado and seasoned writer with a knack for breaking down complex tech concepts into easily digestible content. Having honed her writing and editing skills over 4 years at renowned media houses like TechBurner, Ava crafts informative and engaging articles including troubleshooting guides, product reviews, editorials at iGeeksBlog. When not typing, you can find her exploring the latest Apple releases or pondering the future of tech innovation.
