by hdhzy 3356 days ago
It changes when you input the current code. You can scan it multiple times, print it, and then input the code from one of your devices.
1 comments

Also, if you have a rooted device, you can get the original secret from the SQLite database of the authenticator app.
"can get the original secret" is a phrase which should worry a security-conscious person.
Rooting their phone is not something a security-conscious person would do, either.

Edit: maybe I should have explained my position. There are a few security issues with rooting a phone, e.g.:

- rooting usually requires unlocking the bootloader. Once it's unlocked, anyone can flash or boot a custom recovery and modify your system partition. Enrolling your own keys in the recovery and re-locking the bootloader, while possible, is an undocumented and complex process that just about nobody uses, see https://mjg59.dreamwidth.org/31765.html . You're also screwed if a system update replaces the recovery. Once the bootloader is unlocked, anyone with physical access to your phone can mess with your system in malicious ways.

- it circumvents the system's permission model. A malicious app that tricks the user into granting it root rights (maybe for a legitimate reason) could access information it shouldn't have, install a keylogger, etc.

Even without root. Just run a backup and extract it from that. You can do it with just adb or helium.
That doesn't work for Google Authenticator. Apps can opt out of being able to be backed up, which even prevents adb/helium backups (unless you're rooted).