Apple last week announced a series of Advanced Data Protection tools that bring powerful encryption for numerous iCloud services for the first time, including Backup, Photos, and Notes, but Mail was notably excluded. Now Google has announced that Google Workspace and education users will get end-to-end encryption on the web using their Gmail account.
The timing may be coincidental, but it’s notable. Apple rolled out iOS 16.2 and macOS 13.1 on Tuesday with Advanced Data Protection for the iPhone, iPad, and Mac, but noted in a support document that iCloud Mail “does not use end-to-end encryption because of the need to interoperate with the global email system.” Like Google, Apple’s native email clients support optional S/MIME for message encryption, but it requires a bit of setup.
As noted by Bleeping Computer, Google already offered end-to-end encryption for Drive, Docs, Sheets, Slides, Meet, and Calendar, but it wasn’t previously available for Gmail. Google says end-to-end encryption “ensures sensitive data in the email body and attachments are indecipherable to Google servers. Customers retain control over encryption keys and the identity service to access those keys.”
Customers need to apply for beta access to test the new feature. To turn on end-to-end encryption, beta users can go to Security > Client-side encryption, then click Gmail and select the group submitted in their Gmail CSE enrollment form.
In a support document, Google says the sender and all recipients must have end-to-end encryption turned on and valid certificates. The sender can’t send the email if any recipients are missing a valid certificate.