Meta Smart Glasses App Contains Fully Built — But Currently Dormant — On-Device Facial Recognition System

Security researcher “buchodi” has discovered a complete facial recognition pipeline sitting inside the Stella Android app, the official companion application for Meta’s Ray-Ban smart glasses. The stack is fully assembled, wired together, and capable of running end-to-end on the device — yet it remains inactive on regular user accounts.
What Was Found

- Three on-device AI models delivered via Meta’s asset system:
  - SCRFD (`android_facerec_scrfd.pte`) — face detection;
  - KPSAligner (`android_facerec_kps_aligner.pte`) — face alignment and cropping;
  - SFace (`android_facerec_sface.pte`) — 2048-dimensional biometric embedding generation.
- A local SQLite database with a cosine-similarity vector index (`face_mediaPath_vec`) built on 2048-dimensional embeddings.
- Dedicated storage paths for writing biometric data to disk (`NameTagsPending/` folder), including cropped face images and their embeddings.
- A ready-to-use Android notification channel (`nametags_recognition`) that can display “Person recognized” alerts with the person’s name.
The entire pipeline runs locally using ExecuTorch models and does not require constant cloud connectivity for inference.
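
Anyone auditing an unpacked copy of the app or its data directory can check for the artifact names listed above. The script below is an added example, not code from the researcher or from Meta; `scan_tree`, `INDICATORS` and the directory layout created by `build_sample_tree` are constructed for illustration.

```python
import os
import tempfile

# Artifact names exactly as the article reports them, keyed by pipeline role.
INDICATORS = {
    "detector (SCRFD)": "android_facerec_scrfd.pte",
    "aligner (KPSAligner)": "android_facerec_kps_aligner.pte",
    "embedder (SFace)": "android_facerec_sface.pte",
    "vector index": "face_mediaPath_vec",
    "pending storage": "NameTagsPending",
    "notification channel": "nametags_recognition",
}

def scan_tree(root, max_bytes=32 * 1024 * 1024):
    """Map each indicator role to the sorted relative paths where its name
    appears, either in a file/directory name or inside file contents."""
    hits = {role: set() for role in INDICATORS}
    for dirpath, dirnames, filenames in os.walk(root):
        for entry in dirnames + filenames:
            rel = os.path.relpath(os.path.join(dirpath, entry), root)
            for role, name in INDICATORS.items():
                if name in entry:
                    hits[role].add(rel)
        for fname in filenames:
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(max_bytes)  # cap reads on very large assets
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            rel = os.path.relpath(path, root)
            for role, name in INDICATORS.items():
                # dex/manifest strings are usually ASCII; resources may be UTF-16LE
                if name.encode() in data or name.encode("utf-16-le") in data:
                    hits[role].add(rel)
    return {role: sorted(paths) for role, paths in hits.items()}

def build_sample_tree(root):
    """Constructed sample standing in for an unpacked app; not real app data."""
    os.makedirs(os.path.join(root, "assets"))
    os.makedirs(os.path.join(root, "files", "NameTagsPending"))
    open(os.path.join(root, "assets", "android_facerec_sface.pte"), "wb").close()
    with open(os.path.join(root, "classes.dex"), "wb") as fh:
        fh.write(b"\x00junk\x00nametags_recognition\x00face_mediaPath_vec\x00")
    with open(os.path.join(root, "unrelated.txt"), "w") as fh:
        fh.write("nothing of interest")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for role, paths in scan_tree(tmp).items():
            print(f"{role:22} {'FOUND ' + ', '.join(paths) if paths else 'absent'}")
```

A hit only shows that a name is present in the tree; it says nothing about whether the feature is enabled for the account.
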
The Pipeline in Action

- Detected the face using SCRFD.
- Aligned and cropped it with KPSAligner.
- Generated a 2048-dimensional embedding with SFace.
- Compared it against the local vector database using cosine similarity.
- On a match → triggered the notification “Person recognized”.
- On no match → saved the cropped image + embedding pair to the `NameTagsPending` folder for later processing.
The system is clearly designed to support name tagging of people the glasses (or phone) encounter.
Currently Dormant, But Fully Ready

- No user-facing “Connections” or name-tagging UI elements appear.
- The relevant database namespace (`person_profiles` under RLDrive) contains no data.
- The notification deep-link points to a screen that doesn’t exist in the current app version.
However, the complete technical infrastructure — models, database schema, storage paths, and notification system — is already present and functional. This strongly suggests the capability can be activated remotely, most likely through a **server-side feature flag** controlled by Meta.
Possible triggers mentioned in the analysis include:
- Account-level enablement (e.g., after a user enrolls faces).
- Geolocation-based activation.
- Gradual server-side rollout.
Why This Matters

The researcher concludes that the system is “not secret identification today,” but the apparatus is clearly ready. Activation would likely require Meta to push person profiles to the device and enable the corresponding UI.
Bottom Line
If you’ve ever felt paranoid about smart glasses potentially recognizing people around you, this finding shows that the technical foundation for such a capability already exists inside the companion app. It is currently switched off for regular users, but the code is there — waiting for a server-side signal.
As the researcher wryly notes: even if you have paranoia, it doesn’t mean Meta isn’t watching (or at least preparing to watch).
The full technical breakdown and reproducible steps are available in the original research post.