also it is important that google is working on every exchange
Every 2FA works everywhere. The site has no idea if you are scanning the QR code with Google, Authy, andOTP, Aegis, or any other app. Hell, you could be writing down the shared secret and calculating your code by hand if there wasn't a time limit. The website doesn't know. All it cares about is the code you return.
anyone who have good skill in programming may add some bad code to it, compile and you can download this bad app
Open source doesn't mean anyone can edit it and push changes to the app stores. It means anyone can view the code and suggest changes. Changes still have to be agreed upon by the developers, and the community will see these changes before it goes live. Compare that with Google Authenticator which could have any code added to and everyone would be none the wiser. Just because it is released by Google doesn't automatically make it more trustworthy; in fact, I would trust it less. Google Authenticator also hasn't been updated in over 2 years. Not great.
it is working, right? so let it be working further
It works, sure, but it is the bare minimum. There is no way to export or back up your database. You can't encrypt or password protect access to it. Not to mention everything owned or developed by Google is spyware. It is a poor choice.
I would like for someone to confirm or deny this please.
See my first paragraph in this post and my previous post. Every 2FA app will work on every site.