Of course, this adds to my insights. No matter how strong the security is, there are always gaps that can be exploited by bad people. Not only Authy. I think all GAs, Aegis have weaknesses. So not only from the application and developers but from the user users. But from this condition, isn't Authy likely to develop to fix the vulnerability gap. Actually it is quite strange if there is no problem, or maybe no media wrote it? The media can always make writing and business competition.
I'm not sure that I understood your intervention. Sure that each TOTP/2FA program has positives/negatives aspects of it, but considering that Authy is both closed source, doesn't allow users to export their TOTP's and has been breached multiple times, those factors have to account for something no? I'm not saying that Aegis won't ever suffer such breach, but being open source and developed by the community surely helps in transparency, far more than Authy does.