Nightwatch Cybersecurity recently issued a report which reveals that the Google Authenticator app for Android devices comes with an unfixed issue which could create a security nightmare in case you have shady apps installed. The same issue exists in the Microsoft Authenticator app.
At the time of publishing this article, neither app uses Android’s FLAG_SECURE setting, which prevents screenshots of the app from being taken, whether by other apps or by you. You can try to take a screenshot to be certain. In an app like Authy, taking screenshots is disabled.
Google is expected to fix the issue, but Authy is a much better app for managing your 2FA codes. Deploying it on multiple devices is easy. Once you’ve installed it on your primary device, all of your 2FA codes will be synced to any new or additional devices.
If you don’t wish to use Authy for some reason, do test whether your authenticator app allows you to take screenshots or not. If yes, it’s time to move elsewhere for safer use.
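For developers, this is one way to apply the FLAG_SECURE setting mentioned above to every screen of an Android app that displays one-time codes. It is an added example, not code from Google, Microsoft or Authy; the names SecureOtpApplication and SecureWindowCallbacks are hypothetical.

```kotlin
import android.app.Activity
import android.app.Application
import android.os.Bundle
import android.view.WindowManager

// Hypothetical Application subclass; it must be referenced from the
// android:name attribute of <application> in AndroidManifest.xml.
class SecureOtpApplication : Application() {
    override fun onCreate() {
        super.onCreate()
        // Register once so that no activity can be added later without
        // the flag, instead of relying on each screen to set it itself.
        registerActivityLifecycleCallbacks(SecureWindowCallbacks)
    }
}

// Hypothetical helper: marks each activity window as secure as soon as the
// activity is created, which happens before its content is displayed.
object SecureWindowCallbacks : Application.ActivityLifecycleCallbacks {

    override fun onActivityCreated(activity: Activity, savedInstanceState: Bundle?) {
        // FLAG_SECURE keeps the window content out of screenshots and
        // screen recordings and off non-secure displays.
        activity.window.setFlags(
            WindowManager.LayoutParams.FLAG_SECURE,
            WindowManager.LayoutParams.FLAG_SECURE
        )
        // Dialogs and popups are separate windows and do not inherit this
        // flag; a dialog showing a code needs the same call on dialog.window.
    }

    // The remaining callbacks are required by the interface but unused here.
    override fun onActivityStarted(activity: Activity) = Unit
    override fun onActivityResumed(activity: Activity) = Unit
    override fun onActivityPaused(activity: Activity) = Unit
    override fun onActivityStopped(activity: Activity) = Unit
    override fun onActivitySaveInstanceState(activity: Activity, outState: Bundle) = Unit
    override fun onActivityDestroyed(activity: Activity) = Unit
}
```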