Google is rolling out end-to-end encryption for Gmail on iOS and Android to enterprise users. The feature lets Workspace users compose and read encrypted emails directly in the Gmail app without additional tools.
Google has expanded its client-side encryption offering to mobile platforms, bringing end-to-end encryption (E2EE) to Gmail users on iOS and Android devices. The rollout targets enterprise customers using Google Workspace.
■ Direct Integration
Eligible users can compose and read encrypted emails directly within the native Gmail app. This eliminates the need for separate applications or web portals to access encrypted messages.
■ Expanding Existing Features
The mobile rollout follows Google's introduction of E2EE for Gmail on the web, which launched over a year ago. Client-side encryption (CSE) gives organizations control over encryption keys and the identity service used to access those keys.
With E2EE enabled, email content is encrypted before it reaches Google's servers. Only the sender and intended recipients can decrypt and read the messages. Google cannot access the plaintext content of encrypted emails.
■ Enterprise Focus
The feature remains limited to Google Workspace enterprise users. Organizations must enable client-side encryption in their Workspace admin console before users can access the functionality.
Workspace editions that support CSE include Enterprise Plus, Education Plus, and Education Standard. The feature is not available to personal Gmail accounts or basic Workspace tiers.
■ Gradual Deployment
Google is implementing a gradual rollout schedule. The feature may take up to 15 days to become visible to all eligible users after initial deployment begins in their organization.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.
Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.
A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.