Helix vs Pegasus
This isn't app-versus-app. Pegasus is the most infamous mercenary spyware on the planet — and it's built to beat the phone in everyone else's pocket: stock iOS and stock Android. The Helix Hardened Phone runs GrapheneOS, the one mobile platform their toolkit wasn't made for, with Helix's own-protocol comms on top. New to Pegasus? Read how Pegasus actually works.
| What Pegasus wants | How Helix denies it |
|---|---|
| Read your message content | Triple-layer, post-quantum encryption. Even captured ciphertext stays unreadable — today and against future quantum computers. |
| Map who you talk to (metadata) | Randomized multi-hop onion routing. No single node — and no third party — ever sees both ends of a conversation. |
| Exploit known, off-the-shelf software | Our own protocols and our own encryption. There's no standard component sitting there waiting for a public exploit. |
| Reach you to deliver a payload | A closed network. No phone number, no public account, no inbound surface for a stranger to target. |
| Harvest data through the cloud or a provider | No third-party servers, no cloud backups. Your data lives only on devices you control. |
| Feed your data to analysis at scale | AI-proof and harvesting-proof: no telemetry, no machine-learning SDKs, no model ever sees your words, voice, video or files. |
| Find evidence on a seized device | A hidden app, plausible deniability, and a one-tap burn that leaves nothing behind. |
| Implant the device itself | Run the Helix Hardened Phone — GrapheneOS. Pegasus is built for stock iOS and Android; GrapheneOS breaks its exploit chains, and there is no public, confirmed case of Pegasus ever compromising it. |
Why "encrypted apps" aren't enough against Pegasus
Pegasus doesn't waste time attacking good encryption — it goes around it, by taking over the device. Once it owns the phone, it reads what you read, sees what your camera sees, and lifts messages straight off the screen, no matter how strong the app's crypto. That's why mainstream "encrypted" messengers, built on shared components and tied to phone numbers and clouds, are soft targets: there's a known surface to exploit and a way to reach you.
Helix attacks the problem from the other direction. We remove the reachable surface (closed network), remove the off-the-shelf parts an exploit relies on (our own protocols), remove the third parties and clouds that can be compelled or breached, remove the metadata that betrays you even when content is safe, and — when the device itself is the threat — give you a hardened handset that was never an easy target to begin with.
Why GrapheneOS shuts Pegasus down
Here's the part nobody at the spyware vendors wants you to understand. Pegasus — Pegasus 1, Pegasus 2, and every mercenary clone — is built, tested and sold to attack the phones almost everyone carries: stock Apple iOS and stock Android. That's where the targets are, so that's where the multimillion-dollar exploit chains are aimed. Their entire business depends on the mass-market platform behaving in known, exploitable ways.
The Helix Hardened Phone runs GrapheneOS — a hardened, security-first Android built by people whose entire mission is defeating exactly this class of attack. It is a different machine under the hood:
- A hardened memory allocator and exploit mitigations that neutralize the memory-corruption techniques Pegasus chains are built on — the same bug often simply doesn't lead anywhere.
- A drastically reduced attack surface: no Google Play Services in the trusted base, locked-down components, and far fewer of the always-on parsers that zero-click exploits abuse.
- A hardened kernel and stricter sandboxing that break the sandbox-escape and privilege-escalation steps a working implant needs.
- Verified boot and a clean, controlled software base — nothing pre-loaded for an attacker to lean on.
The result is a platform that the commercial spyware industry is not built to beat. Their exploits assume stock behavior; on GrapheneOS those assumptions fail, the chain falls apart, and — to date — there is no public, confirmed case of Pegasus successfully compromising a GrapheneOS device. Vendors don't meaningfully target it: the user base is small, and the platform is openly hostile to their methods. For someone who is genuinely afraid of Pegasus, that is the difference between a phone that was designed for their attack and one that was designed against it.
Put Helix's own-protocol, post-quantum, closed-network comms on top of that platform, and you have removed every practical path Pegasus relies on: nothing to reach you, nothing off-the-shelf to exploit, no metadata to harvest, no third party to compel — running on the one mobile OS their toolkit wasn't made for.
And you don't have to buy hardware from us. GrapheneOS is free and open-source. If you already run it — or want to flash it yourself onto a supported Pixel — just install Helix on your own GrapheneOS phone and you get the exact same protection. Bring your own device, no questions asked. The Helix Hardened Phone exists purely for people who'd rather receive it locked-down and ready, with Helix pre-installed and verified, shipped discreetly worldwide. Same destination; buying from us is just the done-for-you option.
Afraid of Pegasus? Pegasus 2?
Then you're precisely who we built this for. Understand the threat in depth — read our 3,800-word breakdown of how Pegasus works, why it exists, and who it targets — then come back and lock yourself down.