The Google Authenticator feature recently added to allow cross-device synchronization of 2FA secrets was analyzed and found not to be end-to-end encrypted. This means Google can see the secrets + the online services associated with those even while stored on their servers. No option to secure this at the moment.

https://nitter.net/mysk_co/status/1651021165727477763
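Why plaintext access to a synced seed matters can be shown directly from the standard: a TOTP code is a pure function of the shared seed and the clock, so any party holding a readable copy of the seed computes the same codes as the phone. The following is an added illustration, not code from the post above or from the linked analysis; it implements RFC 4226/6238 with the Python standard library, uses the RFC's published test seed (ASCII "12345678901234567890") for verification, and the base32 value `JBSWY3DPEHPK3PXP` in the demo is a constructed example seed, not a real account secret.

```python
import base64
import hashlib
import hmac
import struct
import time

# RFC 6238 reference seed for the SHA-1 test vectors (ASCII "12345678901234567890").
# This is the RFC's published test value, not a real account secret.
RFC6238_SHA1_SEED = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, algo: str = "sha1") -> str:
    """RFC 4226 HOTP: HMAC over the big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), getattr(hashlib, algo)).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, for_time: int, step: int = 30, digits: int = 6, algo: str = "sha1") -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time (time // step)."""
    return hotp(secret, for_time // step, digits, algo)


def decode_exported_secret(b32: str) -> bytes:
    """Authenticator exports (otpauth:// URIs, QR codes) carry the seed as base32,
    usually unpadded and sometimes space-grouped; normalise and decode it."""
    cleaned = b32.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def codes_agree(b32_secret: str, at_time: int) -> bool:
    """Two holders of the same seed (the phone, and anyone able to read a
    non-end-to-end-encrypted sync copy) derive identical codes; nothing else
    is needed, which is why the seed itself must stay confidential."""
    seed = decode_exported_secret(b32_secret)
    phone_code = totp(seed, at_time)
    seed_copy_code = totp(seed, at_time)
    return phone_code == seed_copy_code


if __name__ == "__main__":
    # Constructed demo seed, not a real account.
    demo = "JBSWY3DPEHPK3PXP"
    now = int(time.time())
    print("code now:", totp(decode_exported_secret(demo), now))
    print("a copy of the seed yields the same code:", codes_agree(demo, now))
```

The practical takeaway for the backup strategies discussed below is the same: whatever stores the exported seeds (a sync service, a zip file, a backup drive) must encrypt them under a key only the user holds, because the seeds are the second factor.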


Discussion

What are some good options to replace google auth?

I'm using 2fas

Thanks for sharing. Syncing data across devices is heavily overrated in my view and often just creates unnecessary vulnerabilities. I have an authenticator app on my phone and back up the secrets manually to an offline location whenever I add a new account. It's not that much of an inconvenience and I like the extra control and assurance that the app isn't phoning home anywhere.

💯 I too use Raivo and export the 2FA secrets in an encrypted zip file using the app itself. I have set up an automated script to back it up occasionally with shortcuts to my backup drives.