James House-Lantto (He/Him)TL:DR
Google Authenticator is adding Account syncing of OTP/2FA codes. The problem is this Sync is not end-to-end Encrypted.
Also Google Authenticator QR codes contain website & account names.
Meaning if someone intercepts the data in transit, or gets access to your google account, they have full access to all your 2FA.
Security Experts Object to Google Authenticator’s New Syncing Feature
The latest Google Authenticator update adds account synchronization—essentially, you can now save one-time passwords to your Google account, which may come in handy if lose or upgrade your phone. But, oddly enough, security researchers aren’t happy with this highly-requested feature.