Meta Quietly Added — Then Removed — Face-Recognition Code From Its Smart Glasses Platform
Meta Quietly Added — Then Removed — Face-Recognition Code From Its Smart Glasses Platform
Meta removed face-recognition code from its Ray-Ban Meta smart glasses platform on or around June 8, 2026, after WIRED identified the unreleased feature embedded in the companion app. Engadget corroborated the removal the same day. The code had not been surfaced to users and was not listed among the device's documented capabilities — but its presence in the app's codebase was enough to prompt Meta to act once the story became public.
What Was Found, and Where
The face-recognition code sat in Meta's AI Glasses companion application as an unreleased, dormant feature. Its discovery followed the kind of teardown or static analysis work that has become a standard beat in consumer tech reporting: researchers and journalists routinely audit app packages for strings, class names, and API references that signal what a platform intends to do before it does it. The Ray-Ban Meta AI Glasses already surface Meta AI for real-time information, suggestions, and reminders via the camera pipeline — meaning the underlying architecture for continuous visual input and cloud inference is already in place. Adding a face-recognition layer on top of that pipeline would be, architecturally speaking, a short path.
Nothing in Meta's published privacy documentation for the AI Glasses references face recognition as a current or planned feature; the privacy page describes protections that remove key identifiable information when the camera is used for AI features. The gap between what the privacy documentation said and what the code implied is precisely what made the WIRED finding newsworthy.
The Removal
Meta's response was swift and quiet in equal measure — the code was stripped from the app without a public statement explaining why it had been there or what its intended purpose was. That pattern of silent rollback, rather than proactive disclosure, is itself worth noting. Companies operating under heightened regulatory scrutiny — and Meta, with its history before the FTC and various EU data-protection authorities, clearly qualifies — routinely face the question of whether unreleased features in production codebases trigger any disclosure obligation. In most jurisdictions the answer today is no, provided the feature is never activated. But "never activated" is a harder claim to sustain once the code is publicly identified and the company's response is to remove rather than explain it.
The Ray-Ban Meta device does include a physical power toggle — pressing and holding the button for three seconds turns the glasses on or off — and Meta has framed hardware controls as a meaningful privacy safeguard. Whether a user-accessible power switch constitutes adequate protection against a hypothetical always-on facial identification pipeline is a question regulators in both the US and EU have been circling for years without resolution.
Why Face Recognition on Wearables Is a Different Problem
Face recognition deployed on a smartphone requires a user to consciously open an app and point the camera. Face recognition embedded in a form factor people wear continuously — and that their social circles cannot easily detect is a camera — represents a structurally different threat model. The asymmetry is the core issue: the person wearing the glasses controls identification silently; the person being identified has no reliable way to know it is happening and no recourse in real time.
This is not a hypothetical concern assembled for effect. The Harvard students who built I-XRAY in late 2024 — a proof-of-concept pipeline that used Meta's own Ray-Ban glasses, a live stream, and a face-recognition API to deanonymize strangers in real time — made the architectural argument concrete. That demonstration did not involve any code internal to Meta's platform; it assembled publicly available components. The existence of face-recognition code inside Meta's own app suggests the company was at minimum prototyping that capability natively.
We have been here before. When Google Glass launched in 2013, Google explicitly prohibited face-recognition apps on the platform after a public backlash, a decision that was widely read at the time as a concession to social acceptability rather than a settled technical or legal principle. The prohibition did not survive the product itself, which failed in the consumer market. Smart glasses are now back, this time with a mass-market form factor and tens of millions of users, and the face-recognition question has returned with them — still without a legal framework that matches the technology's capabilities.
Meta's Stated Privacy Posture vs. In-Product Reality
Meta's official Ray-Ban Meta AI Glasses privacy page describes a framework centred on removing key identifiable information from the AI feature pipeline. That is a meaningful protection if implemented correctly and audited independently — neither of which is publicly verifiable from outside the company. The presence of dormant face-recognition code does not, on its own, prove those protections were being circumvented or that Meta intended to activate the feature without consent. But it does create a credibility gap that documented privacy protections alone cannot fully close.
For enterprise IT and security teams managing device policies, the incident adds a concrete data point to an already complicated procurement question. Ray-Ban Meta glasses are increasingly present in corporate environments — worn by employees who may be using them for productivity features — but the device's camera, AI pipeline, and app-side codebase are not auditable by corporate IT in the way that, say, an MDM-managed smartphone profile is. The lack of enterprise-grade telemetry transparency is a structural gap, and incidents like this one tend to surface that gap for buyers who had not yet examined it closely.
What Happens Next
Meta has not publicly explained the provenance of the face-recognition code, the timeline of its development, or whether it will reappear in a future release with explicit user consent mechanisms. Those are the three questions that matter most to privacy researchers, regulators, and the broader developer community building on Meta's glasses platform.
The EU AI Act, which began phasing in enforcement in 2025, prohibits real-time remote biometric identification in public spaces except under narrow exemptions. Whether dormant code in a consumer app triggers any notification or assessment obligation under that framework is exactly the kind of edge case that regulators and compliance teams will be working through. In the United States, no equivalent federal framework exists, though Illinois BIPA and similar state-level biometric privacy statutes could apply depending on where data is processed and stored.
The optimistic read — and there is one — is that the system worked as intended at a basic level: independent reporting surfaced an undisclosed capability, the company removed it under public scrutiny, and the episode will likely sharpen both regulatory attention and Meta's own internal release governance for features touching biometric data. That is accountability of a kind, even if it arrived reactively rather than by design.
The harder question, which the industry has not answered since Glass, is what governance model should govern face-recognition capabilities in wearables before they ship — not after a journalist finds the code.
