Controversial ‘confidential mode’ comes to mobile Gmail, but is it secure?

Earlier this year, Google rolled out some major design changes to Gmail, along with a handful of handy new features. There are potentially more improvements on the way, but first Google has to get everything working on mobile, and the company has taken another step towards that by introducing ‘confidential mode’ to its iOS and Android versions.

Confidential mode, as the name suggests, lets you treat sensitive outgoing email more sensitively. You can have messages self-destruct, to make your life more like a low-budget version of Mission Impossible, or you can make them accessible only to anyone with a specially-generated passcode.

Related: New Gmail

Recipients are limited in what they can do to a confidential mode email − copy and paste is disabled, and there’s no way to download, print or forward the message.

Confidential mode is now available on mobile devices and can help you protect sensitive information from unauthorized access. Learn more about this feature → https://t.co/lmQNElH6C1 pic.twitter.com/Nxtx2yU0pG

— Gmail (@gmail) August 16, 2018

Related: Best VPN

Of course, for the determined, there are obvious ways around this. You could screenshot an email, print it and post copies all around your neighbourhood if you felt so inclined. Google acknowledges this: the point, it says, is to prevent accidental slips in confidentiality rather than to force the untrustworthy to behave, or to somehow make it impervious to malware snooping.

But beyond the limitations that Google acknowledges, the Electronic Frontier Foundation (EFF) has its own doubts about the security of confidential mode.

The first problem is the lack of end-to-end encryption, meaning Google can read your emails as they go. Secondly, although self-destructing messages vanish on the receiver’s end, they live on in the sent folder of the sender, making them more retrievable than some might like.

Thirdly, for those worried about Google’s unnerving knowledge of billions of people worldwide, using the SMS-based passcode may require you to provide a phone number, helping the company learn a bit more about your contacts without their consent.

Related: How to create an anonymous email account

All of these points tie together for the EFF’s main point: confidential mode could provide a false sense of security that users really shouldn’t feel.

“There is nothing confidential about unencrypted email in general and about Gmail’s new ‘Confidential Mode’ in particular,” the group writes. “While the new mode might make sense in narrow enterprise or company settings, it lacks the privacy guarantees and features to be considered a reliable secure communications option for most users.”

Do you agree with the EFF’s analysis, or do you think confidential mode is a useful addition to Gmail? Let us know on Twitter @TrustedReviews.