Previously, client-side encryption was added to the web version of Gmail earlier this year, allowing users to read and write encrypted emails directly from their devices.

While Workspace encrypts data at rest and in transit using cryptographic libraries that are secure by design, client-side encryption ensures that you have full control over the encryption keys and access to your data, Google says. Client-side encryption ensures that sensitive data in email messages and attachments cannot be decrypted by Google servers—you retain control of the encryption keys and the identity services that access them.

This feature is available to Google Workspace Enterprise Plus, Education Plus, and Education Standard users. Client-side encryption is not supported on other Workspace editions such as Essentials, Business Starter, Business Standard Plus, etc. Additionally, this feature is not available to users with personal Google accounts.

The feature lets "users work with your most sensitive data from anywhere on their mobile devices," using the S/MIME protocol to encrypt and digitally sign emails before sending them to Google servers.

While composing an email on Gmail for Android or iOS, eligible users can enable client-side encryption by tapping the blue lock icon present in the subject field. However, the feature is disabled by default, so administrators will have to enable access through the CSE admin interface.