Encrypted email on your Android phone

In a previous blog I covered setting up encrypted email on Windows using OpenPGP and Thunderbird. In this blog I'm going to cover setting up encrypted email on Android using K9 Mail and Android Privacy Guard (APG). Getting set up on Android is a lot more straightforward than it was on Windows, and we should be up and running with encrypted email across both of your devices in no time!

The Apps

First of all you need to install APG and K9 Mail from Google Play. Both of these applications are free to download and use. For now, just set up your email account in K9 Mail so that it's up and running. For most of the main email providers, K9 will normally auto-detect all of the settings required and you can usually get away with just entering your username and password for the mail account. For any custom mail accounts, just go through the setup process as usual and enter the details required.


Setting up APG

Fire up APG. As you have already created your public and private key pair when setting up Thunderbird in the previous blog, you can skip the creation process and jump straight to importing your existing keys. You can either copy them to the storage on the phone via the USB cable or use your MicroSD card to get them onto the device. This needs to be the file that contains both your public and private key that you exported during the steps in my previous blog.

Import keys


Once the keys have been imported, that's pretty much it! You can import any other public keys that you may already have for other people, but you're now ready to send and receive encrypted emails from your Android device.
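Before the export file goes onto USB storage or a MicroSD card, it is worth confirming on the PC that it really holds both key blocks and that the private key is still protected by its passphrase. The script below is an added example, not part of the original post or of APG or K9 Mail. It assumes the export is an ASCII-armored file with v4 RSA, Elgamal or DSA keys; the function names are hypothetical and the sample key file is constructed and non-functional.

```python
import base64
import re

ARMOR = re.compile(r"-----BEGIN PGP (PUBLIC|PRIVATE) KEY BLOCK-----\r?\n(.*?)"
                   r"-----END PGP \1 KEY BLOCK-----", re.S)
MPI_COUNT = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}  # public MPIs per algorithm: RSA, Elgamal, DSA

def dearmor(body):
    """Decode one armored block; armor headers and the '=' CRC line are skipped."""
    lines = [ln.strip() for ln in body.strip().splitlines()]
    data = lines[lines.index("") + 1:] if "" in lines else lines  # headers end at blank line
    return base64.b64decode("".join(ln for ln in data if not ln.startswith("=")))

def first_packet(data):
    """Return (tag, bytes from body start) of the first packet; key packets have fixed lengths."""
    if data[0] & 0x40:                   # new format: 1-, 2- or 5-octet length field
        return data[0] & 0x3F, data[2 if data[1] < 192 else 3 if data[1] < 224 else 6:]
    return (data[0] >> 2) & 0x0F, data[1 + (1 << (data[0] & 3)):]  # old format

def secret_key_protected(body):
    """True/False for v4 RSA, Elgamal or DSA secret keys; None for other layouts."""
    if body[0] != 4 or body[5] not in MPI_COUNT:
        return None
    pos = 6                              # skip version, creation time, algorithm
    for _ in range(MPI_COUNT[body[5]]):  # skip the public MPIs
        pos += 2 + (int.from_bytes(body[pos:pos + 2], "big") + 7) // 8
    return body[pos] != 0                # S2K usage octet: 0 = stored unencrypted

def check_export(text):
    """Report which key blocks a file holds and whether the secret key is protected."""
    report = {"public": False, "private": False, "protected": None}
    for kind, body in ARMOR.findall(text):
        tag, packet = first_packet(dearmor(body))
        if (kind, tag) == ("PUBLIC", 6):
            report["public"] = True
        elif (kind, tag) == ("PRIVATE", 5):
            report["private"], report["protected"] = True, secret_key_protected(packet)
    return report

def constructed_sample(usage):
    """Build a tiny, non-functional key file for the demo (constructed, not a real key)."""
    pub = bytes([4, 0, 0, 0, 0, 1]) + b"\x00\x08\xc5" + b"\x00\x05\x11"  # v4 RSA stub
    out = ""
    for kind, tag, body in (("PUBLIC", 6, pub), ("PRIVATE", 5, pub + bytes([usage]) + bytes(8))):
        b64 = base64.b64encode(bytes([0xC0 | tag, len(body)]) + body).decode()
        out += (f"-----BEGIN PGP {kind} KEY BLOCK-----\nComment: constructed\n\n"
                f"{b64}\n-----END PGP {kind} KEY BLOCK-----\n")
    return out

print(check_export(constructed_sample(254)))
```

For a real export, pass the file's text to `check_export`; a result with `"protected": False` means anyone who gets hold of the USB stick or MicroSD card can use the private key without the passphrase.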


K9 Automatic Integration

K9 will automatically detect that you have APG installed and have imported your keys, and will present the options to encrypt or sign emails without any configuration.

Compose Email


To test it out you can send yourself an email, select the encrypt option and hit send. You should then receive your encrypted email.

Received Email


When you open an encrypted email, simply hit the decrypt button and enter the passphrase for your key.

Key Passphrase


Once you hit OK, the email will be decrypted and you can view the contents as normal. Admittedly, this is a rather dull email, but my email signature was sent safe and secure!

Decrypted Email


In Closing

That's really all there is to it. You can now send encrypted emails to and from your Android device without worrying about them being intercepted or tampered with whilst zooming across the internet. Even your email host won't be able to take a sneak peek at what's inside your emails as they handle them. The contents of the message are encrypted from the moment they leave your device to the moment that the recipient decrypts them. True end-to-end encryption.




About Scott
Researcher, blogger and international speaker. I'm the creator of report-uri.io and securityheaders.io, free tools to help improve online security.