Bottom line: Meta installed facial recognition with three AI models and local biometric storage in the Ray-Ban glasses app and disabled it via server command—without informing users.
Security researcher Buchodi discovered a fully functional but deactivated facial recognition stack with three machine learning models in Meta’s Stella app for Ray-Ban and Oakley smart glasses. The infrastructure already sits on millions of smartphones without users knowing about it.
When decompiling the Android application, Buchodi found three specialized AI models: one for facial recognition in the video stream, one for extracting and aligning facial regions, and one for converting visual data into a 2048-dimensional biometric vector. These vectors enable precise facial comparisons and local database queries via cosine similarity search. Unknown faces are stored in a local folder called “NameTagsPending” and persist even after device restarts. The app already contains a notification channel called “NameTags recognition”.
To verify functionality, Buchodi manipulated the app logic and manually triggered a recognition process. He fed a biometric vector from a public domain portrait photo of philosopher Michel Foucault into the system. The pipeline processed the image flawlessly, generated the vector, compared it to the local index, and triggered an Android system notification with the name. This proves that all components are interconnected and operational.
Relevant for CISOs: The infrastructure is currently disabled and can only be activated through server-side control by Meta. This means that millions of end-user devices with biometric processing enabled represent a privacy and security risk. Particularly critical are the local storage of biometric data without user consent and the lack of transparency.
Meta publicly announced in 2021 that it would discontinue facial recognition on Facebook and deleted over one billion stored facial profiles. The company paid $650 million in damages in the U.S. state of Illinois and $1.4 billion in additional litigation regarding violations of biometric privacy laws. The current discovery contradicts this public commitment.
Source: www.it-daily.net · Published June 7, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.