### Unpacking Stella’s Hidden Facial Recognition Capabilities: A Deep Dive into Smart Glasses Privacy
This blog post takes a close look at the recent discovery of a dormant end-to-end facial recognition pipeline inside Meta’s Stella companion app. Security researcher Buchodi found it lurking in the software for Ray-Ban and Oakley smart glasses.
We’ll break down what was uncovered, poke at the privacy questions it raises, and see how Meta responded.
## The Dormant Pipeline: A Technical Breakdown
Buchodi, who works under a pseudonym, dug into version 273.0.0.21 of the Stella app. They found a surprisingly advanced, though inactive, facial recognition system embedded right inside the Android app.
This kind of find makes you wonder about the direction of smart wearable tech and what it means for privacy.
### Under the Hood: The AI Models and Database Structure
Buchodi spotted several pieces in the Stella app’s code that would let it recognize faces. Meta delivered these parts through its asset system, which suggests this wasn’t just a random experiment.
* **On-Device AI Models:** The app came with three important AI models.
* *SCRFD* handled the first step: face detection. It picked out human faces in images or video.
* *KPSAligner* took those faces and aligned them, so the app could process them more accurately.
* *SFace* was a hefty model that created 2,048-dimension biometric vectors. Basically, it turned a face into a unique digital fingerprint.
* **The SQLite Person Profiles Database:** Alongside the AI, there was a structured SQLite database called `person_profiles`.
* One table stored those 2,048-float vectors, matching what SFace produced.
* This table used cosine-similarity search, which lets the app quickly compare a new face to ones already saved.
* **Saving Unmatched Faces:** The app had a way to save face crops and their biometric vectors into a folder named *NameTagsPending*. This looks like a system for collecting faces that didn’t match anything in the database right away.
### The “Recognition” Trigger: Notifications and Deep Links
If the facial recognition pipeline found a match (which Buchodi managed to trigger locally), the app would fire off an Android notification. That popped up on a channel called `nametags_recognition` with the message “Person recognized.”
It also included a deep link, meant to take users to a person-profile screen that doesn’t actually exist yet. That’s a bit odd, honestly.
## Beyond the Code: Potential Implications and Meta’s Stance
Buchodi pointed out an important difference: just because code sits on your device doesn’t mean the feature is turned on. Still, it’s hard to ignore how easily this pipeline could be switched on remotely.
The code additions date back to January 2026, according to WIRED. These advanced models were shipped out to devices before anyone said a word publicly.
With over 50 million downloads, that’s a lot of devices that could get this feature with a simple update.
Meta tried to calm nerves with an official statement. They said this just shows their team exploring ideas, and that nothing is active for users.
Meta also denied building any secret central biometric database. Buchodi didn’t find evidence of facial data being sent to the `person_profiles` namespace on servers.
Still, the way the database is set up for RLDrive syncs and the sheer number of app installs leaves the future wide open. It’s tough not to wonder where things might go from here.
### A Precedent of Privacy Concerns
This discovery comes at a time when Meta’s history with biometric data is still fresh in people’s minds. Back in 2021, the company deleted a billion faceprints and faced some hefty settlements over privacy violations.
Lawmakers have started paying closer attention. They’re asking questions about what Meta plans to do next with facial recognition technology.
The power baked into smart glasses is honestly a little unnerving. With tens of millions of installations and millions of devices sold, Meta could enable this feature on the server side with barely a warning.
That possibility makes transparency and strong privacy protections feel more urgent than ever as wearable tech keeps pushing forward.
Here is the source article for this story: Meta’s smart glasses companion app was downloaded more than 50 million times before anyone disclosed that it already contained three AI models capable of detecting a face, generating a biometric fingerprint, and firing a notification that read ‘Person Recognized’