so, your argument is that if you 2FA with a secret stored in your phone…

then if the hacker gets into your phone they can access your TOTP codes?

what exactly does that have to do with scanning a QR code? If you get texted it’s 1000x easier to just get your SMSs off the cell network and if the hacker is in your phone to the point where they can read TOTP secrets, i would be extremely surprised if they couldn’t just read the codes you get texted… i am so lost