In a few words:
- These files come from unofficial sources.
- People say these files are safe and I never had issues with them, but I cannot assure you they are safe.
- Use at your own risk. Don't blame me if something bad happens.
Is this port safe?
This is a Google Camera app modified by people like BSG, Arnova8G2, Ivanich, etc, and shared by them on forums like XDA Developers and 4PDA. It's based on the Google Camera app available through the Play Store for Nexus and Pixel users. Some developers take the original apk and do their own modifications (eg: BSG) and others try to improve the work from others (eg: Ivanich improving BSG's versions to work on the OnePlus 3).
Some antivirus will "complain" about these files. If you upload one of the files to VirusTotal you will notice that at least one virus engine
- now Babable - flags the file as a PUP (potentially unwanted program). Even the apk shared on XDA's website is flagged, but according to them it's safe: WhiteArmour
We independently confirmed the safety of the APK file thanks to Amir Zaidi who is the developer of the rootless Pixel Launcher app that brings the Google Now panel to unrooted devices. He published a full diff, using APKTool, of the small changes that were made to the app to see if there was any malicious insertions to the APK file. We found none of the sort, and can confirm that it is safe to install.
It seems that
WhiteArmour Babable is a Chinese company that uses machine learning and AI to detect malicious software (according to this). Because I've never heard of them before and they are the only one out of +60 to flag these files, I'm tempted to say that this is a false positive. Either that or they are better than everyone else.
Because I don't know how these virus engines work, I also have no idea why Babable flags these apks. It seems that if a public/free signing key is used, some engines flag the file because the same key was used before by malicious apps, even if the apk file itself is clear.
I've scanned my phone multiple times with Google Play Protect and it never detected anything malicious, but how accurate is Play Protect?
I've noticed that sometimes Google Chrome displays a warning about the safety of these apks when we download a file. I don't know why this happens as we can download the same file via Google Drive and Chrome doesn't complain about it.
It's up to you:
It's important to understand that these files don't come directly from Google. Modifications are done by people that could, if they wanted to, add malicious code. There are risks when installing apps from the internet. Download and install only if you understand the risks.