How do I open encrypted email on Android?

Opening encrypted email on an Android device requires installing an email app that supports encrypted email protocols like S/MIME or PGP. The default Android email app does not support encrypted email, so a third-party encrypted email app needs to be downloaded from the Google Play Store.

What is encrypted email?

Encrypted email uses cryptographic protocols to protect the contents of an email message as it travels between sender and recipient. This prevents the email contents from being read by unauthorized parties if the message is intercepted. The two main encryption protocols used for email are:

  • S/MIME (Secure/Multipurpose Internet Mail Extensions) – Uses public-key cryptography to encrypt messages. The sender needs the recipient’s public key to encrypt the message and the recipient uses their private key to decrypt it.
  • PGP (Pretty Good Privacy) – Also uses public-key cryptography. PGP can encrypt the message body, attachments, and email headers.

On Android, third-party email apps like K-9 Mail and PGP Android support S/MIME and PGP encryption. The setup process varies by app but typically involves creating a public/private key pair and exchanging public keys with contacts.

Why use encrypted email on Android?

There are several reasons why you may want to use encrypted email on an Android device:

  • Privacy – Encrypted email protects the confidentiality of your messages from potential eavesdroppers.
  • Security – Encryption prevents tampering with message contents and verifies the sender’s identity.
  • Compliance – Some industries like healthcare require the use of encrypted email.
  • Sensitive information – Encryption provides an extra layer of protection for sensitive personal or work data.

Android’s default email client does not support encryption, so a third-party encrypted email app is necessary to get the benefits of encrypted email on an Android device.

Choosing an encrypted email app for Android

Here are some top encrypted email apps for Android to consider:

K-9 Mail

  • Free and open source app
  • Supports PGP and S/MIME encryption
  • Compatible with common email providers like Gmail
  • Advanced features like per-folder encryption keys

PGP Android

  • Based on the open-source PGP encryption standard
  • Free basic version available
  • Can encrypt subject lines as well as message body and attachments
  • Supports digital signatures and encryption key management

ProtonMail

  • Provides a free @protonmail.com encrypted email account
  • Has paid options for more storage and features
  • End-to-end encryption with zero access encryption
  • Self-destructing messages

Tutanota

  • Free and paid accounts available
  • Automatic end-to-end encryption
  • Can send encrypted emails to non-Tutanota users
  • Based in Germany with strong privacy laws

All of these apps are available for free or at low cost on the Google Play Store. Check reviews and consider paid versions if you need expanded features.

Setting up encrypted email on Android

Once you select an encrypted email app, the basic setup steps are:

  1. Download and install the app from the Play Store
  2. Follow the app’s setup wizard
  3. Choose a password for protecting your encryption keys
  4. Generate a public/private key pair
  5. Add email accounts you want to encrypt
  6. Import or exchange public keys with recipients
  7. Compose a test encrypted message and send it to yourself

Different apps may have slightly different methods for managing keys and making sure recipients’ public keys are available. But in general, the process involves creating keys, connecting email accounts, and linking your contacts to their public keys.

Key generation

Encrypted email relies on public key cryptography. This involves creating a matched set of public and private keys. The public key can be shared openly while the private key must be kept secret. Here’s how they’re used to send encrypted email:

  1. Sender composes email and encrypts it using recipient’s public key
  2. Encrypted message can only be decrypted by recipient’s private key
  3. Recipient decrypts message with their private key and reads it

The apps guide you through the key generation process. You’ll typically tap a button to generate keys, enter a password to encrypt the keys, and then have the option to back up your keys.

Adding email accounts

Most encrypted email apps can work with existing email accounts like Gmail or Outlook. You just need to add the account within the app’s settings. This links the account to your encryption keys. Some apps may require adjusting settings on the account provider side to enable third-party encryption apps.

Exchanging public keys

To send encrypted email, you’ll need to obtain and verify recipients’ public keys. Apps provide options to import or export keys so they can be attached to emails and exchanged with contacts. Some apps can also sync public keys across devices.

It’s important to verify keys to ensure they actually belong to the intended recipient. Key exchanges should be done over a secure channel. Encrypted email apps provide tools to compare key fingerprints or QR codes when physically sharing keys.
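How a key fingerprint is derived and compared, as an added example that is not from the original article or from any of the apps it names. It assumes OpenPGP version 4 keys (RFC 4880); the key packet is built from constructed toy numbers, and all function names are hypothetical.

```python
import hashlib
import hmac
import struct


def mpi(n: int) -> bytes:  # OpenPGP integer: 2-byte bit count, then big-endian bytes
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")


def constructed_key_packet() -> bytes:
    """Constructed v4 RSA public-key packet with toy numbers (not a usable key)."""
    body = bytes([4]) + struct.pack(">I", 1700000000) + bytes([1])  # version, created, RSA
    body += mpi(0xC0FFEE1234567890ABCDEF) + mpi(65537)  # modulus n, exponent e
    return b"\x99" + struct.pack(">H", len(body)) + body  # old-format header, tag 6


def key_body(packet: bytes) -> bytes:
    """Body of a leading public-key packet (tag 6), old or new header format."""
    first = packet[0]
    if (first & 0xC0) == 0xC0 and packet[1] < 224:  # new format, 1- or 2-octet length
        tag, l0 = first & 0x3F, packet[1]
        length, off = (l0, 2) if l0 < 192 else (((l0 - 192) << 8) + packet[2] + 192, 3)
    elif (first & 0xC0) == 0x80 and (first & 3) != 3:  # old format: tag in bits 5-2
        tag, size = (first >> 2) & 0x0F, 1 << (first & 3)
        length, off = int.from_bytes(packet[1:1 + size], "big"), 1 + size
    else:
        raise ValueError("packet header not handled in this example")
    body = packet[off:off + length]
    if tag != 6 or len(body) != length or body[:1] != b"\x04":
        raise ValueError("expected a complete version 4 public-key packet")
    return body


def v4_fingerprint(packet: bytes) -> str:
    """SHA-1 over 0x99, 2-byte body length, body (RFC 4880, section 12.2)."""
    body = key_body(packet)
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def fingerprints_match(computed: str, shown: str) -> bool:
    """True only for two identical full 160-bit fingerprints; short key IDs fail."""
    try:
        a, b = (bytes.fromhex(s.replace(":", "")) for s in (computed, shown))
    except ValueError:
        return False
    return len(a) == len(b) == 20 and hmac.compare_digest(a, b)
```

The fingerprint depends only on the key material and creation time, so the same key yields the same value whichever header format an app exports it in. The comparison accepts spacing and case differences but rejects anything shorter than the full 40 hex digits.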

Encrypting and decrypting messages in Android

Once configuration is complete, encrypting messages is straightforward:

  1. Compose a new email within the encrypted email app
  2. Make sure the recipient’s public key is available
  3. Tap the encrypt button (usually an icon with a padlock)
  4. The message will now be encrypted before sending

To read encrypted messages:

  1. Open the encrypted message within the email app
  2. If prompted, enter your private key password
  3. The app will decrypt the message for you to read

Encrypting emails on Android does add a few extra steps compared to plain email. But with apps that integrate tightly with the Android system, the process can feel fairly seamless after some initial configuration.

Encrypting stored email messages

In addition to encrypting messages in transit, many encrypted email apps provide options for encrypting messages when they are stored locally on your device. This adds an extra layer of security against unauthorized access.

Different encryption options include:

  • Per-message encryption keys – Each message is encrypted separately with a unique key
  • Per-folder encryption keys – Single key secures an entire folder
  • Zero-access encryption – Messages are encrypted locally before syncing with server

Encrypted email apps make it easy to enable these features by toggling the appropriate settings. Some may even turn on certain local encryption features by default.

Troubleshooting encrypted email issues

Here are some common troubleshooting steps if you run into problems setting up or using encrypted email on Android:

Can’t find recipient’s public key

  • Ask recipient to re-send their public key attachment
  • Export your public key and email it to recipient to exchange keys
  • Manually import recipient’s public key from backup or keyserver

Encrypted message unreadable

  • Make sure you entered the correct private key password
  • Try decrypting on a different device that also has your private key
  • If keys are lost or corrupted, message cannot be decrypted

Encryption icon missing in email compose

  • Verify account is properly configured within app settings
  • Check that recipient’s public key is associated with their address
  • Try restarting the app or reloading account settings

Attachments not encrypting

  • Confirm app security settings allow attachment encryption
  • Attachment format may not be supported (try PDF, TXT, PNG, etc.)
  • Upgrade to paid app version if needed for attachment support

Take advantage of the app developer’s support resources if you continue to have unresolved issues.

Security considerations for encrypted email

While encrypted email improves security, some risks remain:

  • Email headers remain visible – Subject, recipients, and senders are unencrypted.
  • Public keys must be verified to avoid MITM attacks
  • Lost keys mean lost access to encrypted messages
  • Email provider could be compelled to hand over encrypted message chunks
  • Local device encryption may still be crackable

For high-risk situations, end-to-end encrypted messaging apps may be more suitable than encrypted email, which retains some vulnerabilities.

Conclusion

Adding encrypted email capabilities to an Android device requires installing a third-party app like K-9 Mail, PGP Android, ProtonMail or Tutanota. After selecting an app, generate your encryption keys, connect email accounts, exchange keys with recipients, and start encrypting messages using easy-to-use encryption icons and buttons.

Encrypted email provides much stronger privacy and security than plain email. But users should understand it still has potential weaknesses compared to end-to-end encrypted messaging. With the right app and careful key management, encrypted email allows Android users to protect sensitive communication via email.