Gmail v7.2 Prepares to Add Support for S/MIME Enhanced Encryption

We may earn a commission for purchases made using our links.

If there’s one lesson everyone learned thanks to a certain high profile election, it’s the importance of e-mail security.

Gmail is the most widely used e-mail service in the world, and thanks to Google’s stranglehold on smartphones, its Android application is perhaps the most common way people read and send their e-mails. Thus, it is critical that we keep our data safe and secure from would-be thieves, whether it be through the use of a secure lockscreen method, keeping our phones up to date to avoid exploitation, and finally avoiding sending any important information over unsecured networks.

Unfortunately, even if you yourself do your due diligence in keeping your private data safe, you can’t guarantee that other people you correspond with are doing the same. If another person’s e-mail account is hacked, how do you know that the person messaging you is actually them and not a malicious third-party? While you might be able to recognize obvious spam from a hacked account, more malicious, sophisticated attempts might be harder for you to detect. If your friends and family start using S/MIME certificates in their outgoing messages, you will know that it was them who actually sent the e-mail.

S/MIME is an enhanced level of e-mail encryption that is available on the web-based version of Gmail, and it is indicated by the green padlock symbol on messages. For a while, users of the Android app could only send messages over the default TLS encryption (enabled by default), but in version 7.2 of the Gmail application, it appears that support for sending messages with this enhanced S/MIME encryption may soon be supported.

Although a teardown can provide valuable information regarding upcoming features, it is entirely possible that these features may not make their way into the final product. Do not take these teardowns as proof that a feature will be added, but rather as a hint of what could be coming.

Enhanced Encryption with Gmail

Hidden within the APK file of the latest Gmail update are a bunch of strings that clearly point to the inclusion of S/MIME encryption support.

Enhanced Encryption (S/MIME) Support <string name="fz_enhanced">Enhanced encryption (S/MIME)</string> <string name="fz_signature">Verified email address ^1</string> <string name="fz_signature_missing">The digital signature is missing.</string> <string name="fz_more_info">More info</string> <string name="fz_from_details_title">Digital signature</string> <string name="fz_from_details_row1">Issuer:</string> <string name="fz_from_details_row2">Validity:</string> <string name="fz_from_details_column2" formatted="false">%s - %s</string> <string name="fz_dialog_title_initial">Gmail protects your messages during delivery</string> <string name="fz_dialog_message_initial">As you add people to this message, this icon will let you know your message is secure. ^1</string> <string name="fz_dialog_title_enhanced">Your message will be secure during delivery</string> <string name="fz_dialog_message_enhanced">"All recipients use services that support enhanced encryption. With enhanced encryption, your message can't be read until delivered to recipients' inboxes. ^1"</string> <string name="fz_dialog_title_standard">Your message will be sent with regular security</string> <string name="fz_dialog_message_standard">All recipients use services that support standard encryption. ^1</string> <string name="fz_details_header_enhanced">Enhanced encryption supported</string> <string name="fz_details_header_standard">Standard encryption supported</string> <string name="fz_details_header_message">No recipients</string> <string name="fz_details_supported_message">Supported by %s</string> <string name="fz_details_header_settings">Encryption and signature</string> <string name="fz_details_settings_e_title">Enhanced encryption</string> <string name="fz_details_settings_e_subtitle">With digital signature</string> <string name="fz_details_settings_s_title">Standard encryption</string> <string name="fz_details_settings_s_subtitle">No digital signature</string> <string name="fz_cert_error_0">Certificate is invalid</string> <string name="fz_cert_error_3">Certificate expired on %s</string> <string name="fz_cert_error_4">Certificate was revoked on %s</string> <string name="fz_failure_title">This message could not be decrypted.</string> <string name="fz_failure_subtitle_user">Please check your settings on desktop Gmail to confirm that your private key has been uploaded.</string> <string name="fz_failure_subtitle_admin">Please contact your administrator to confirm that the proper keys have been set up correctly.</string> <string name="fz_icon_content_description_standard">Message encrypted.</string> <string name="fz_icon_content_description_enhanced">Message enhanced encrypted.</string>

As you can see, Gmail will show when all recipients support S/MIME encryption (or when they don’t). This will be shown by the aforementioned green padlock icon, similar to what is shown on the desktop Gmail. When you first send an enhanced encryption message, you will see a dialog letting you know that S/MIME is being used. If your certificate is invalid, expired, or revoked, you will also be notified of this. For now, private keys will still have to be uploaded by your network administrator on the desktop Gmail app.

A couple of new layout files have also been added in this update, which rule how this feature will be implemented in the app. They are fz_details.xml, fz_failure.xml, fz_details_item.xml, fz_details_divider.xml, and fz_failure_background.xml.

We’ll keep on the lookout for hints at upcoming features in Google app updates as they roll out, so keep an eye out on our portal for more APK teardowns.