I'm not a fan of 2FAS because it harvests
way more data than it needs to. (And actually, for a 2FA app, the amount of data it requires about you or your device is exactly zero. All it needs to do is scan QR codes and then combine them with the time and hash them. Zero data required.)
Take a look at its Privacy Policy here:
https://2fas.com/privacy-policy/They collect a lot of information about your device, your email address, records of your usage, drop cookies on you, share your data with Google Analytics, etc. Completely unnecessary and unwanted.
Compare this to the best in class privacy policy from Aegis:
https://getaegis.app/aegis/privacy.html5000 words for 2FAS, versus 10 for Aegis. "Aegis Authenticator does not collect any data from your device."
What you said is true, I have spent some time researching, and as far as I know, 2FAS is a closed source application, and they just switched to open source in the last 2 months. So it's unsurprising that they collect user data like Google or Authy. I didn't know this for a long time, I just installed Aegis and will moved all the data over the weekend.
I wonder one thing, these open source applications do not collect any user data, which means they will not have the funds to maintain and develop the application in the long run. At some point, if it stops working, will our data still be safe?