Researchers detail how Android apps can steal one-time 2FA codes from Google Authenticator by taking screenshots, a flaw that was first disclosed in 2014 (Catalin Cimpanu/ZDNet)

Catalin Cimpanu / ZDNet:
Researchers detail how Android apps can steal one-time 2FA codes from Google Authenticator by taking screenshots, a flaw that was first disclosed in 2014  —  Google Authenticator app lets other apps take screenshots of its code.  Issue was first reported to Google in October 2014, but it was never addressed.