Meta’s Smart Glasses Companion App Was Downloaded More than 50 Million Times Before Anyone Disclosed that It Already Contained Three AI Models Capable of Detecting a Face, Generating a Biometric Fingerprint, and Firing a Notification that Read ‘Person Recognized’

The discovery of a fully‑fledged facial‑recognition stack inside Meta’s Stella app marks a rare glimpse into the company’s behind‑the‑scenes engineering for its smart‑glasses ecosystem. The Android build (v273.0.0.21) bundles SCRFD for detection, KPSAligner for facial key‑point alignment, and an oversized SFace model that produces 2048‑float embeddings. Coupled with a local SQLite store and a cosine‑similarity search, the pipeline can generate a notification that reads “Person recognized,” even though the user‑facing UI remains hidden. This level of on‑device processing suggests Meta is preparing for a seamless, low‑latency identification experience that could operate without server round‑trips.

From a privacy standpoint, the silent inclusion of such technology raises red flags. Meta has previously settled major biometric‑privacy lawsuits—$650 million in Illinois and $1.4 billion in Texas—after being accused of harvesting faceprints without consent. State statutes define biometric identifiers broadly, and the presence of a write‑path that stores unrecognized faces in a “NameTagsPending” folder could be interpreted as collection, even if the feature is not actively turned on. Consumer‑privacy advocates argue that shipping dormant code without disclosure breaches the spirit of informed consent, and regulators may view this as a pre‑emptive violation of biometric‑data regulations.

Looking ahead, the activation of the NameTag feature could hinge on a simple server‑side toggle, turning a dormant pipeline into a live service for millions of users. Lawmakers, including Senator Ed Markey, have already requested clarity from Meta on its facial‑recognition roadmap, but the company has offered limited response. Stakeholders should monitor Meta’s next software update, any public statements about rollout timelines, and potential regulatory inquiries in Illinois and Texas. The episode underscores a broader industry tension: balancing innovative AR capabilities with stringent biometric‑privacy compliance, a challenge that will shape the future of wearable tech deployments.