There is nothing particular spectacular about Secure Authenticator. It is a fork of Google Authenticator 2.21, the last posted open source release. The goal is simply to ensure I am using an open source application for 2FA, and it does not have more permissions than it needs.
I have disabled the INTERNET permission, and with it the time sync feature which was only useful for devices with incorrect system times. I have de-Google-branded the app, and changed the package name to avoid conflicts.
Google Authenticator is licensed under Apache 2.0, see COPYING for full text.
The key icon, key.svg, is modified from public domain. Source: http://thenounproject.com/term/key/655/