Android/iOS version of the Google Authenticator app has recently released a version 4.0 update, which introduces the cloud synchronization backup function. Google responded after Mysk security experts discovered that the feature did not enable end-to-end encryption.
Security researchers at Mysk report that syncing Google Authenticator keys across devices is not end-to-end (E2E) encrypted. This means that it is easier for attackers to compromise your Google account and launch subsequent attacks.
Google then sent a statement to CNET:
End-to-end encryption (E2EE) is a powerful feature that provides additional protection, but at the cost of users being unable to recover their own data after turning it on.
We will provide corresponding options according to user needs in the future to provide E2EE support for Google Authenticator.
