What if one bad actor does not do that initially, but only after the app has enough users, with a random upgrade? Not that _you_ would do that, of course. But it makes sense that people are wary about where they trust their TOTPs.
Some time ago, people were locked out of their TOTPs because some guy bought their app from its creator and turned it into ransomware, having them pay to not lose their codes.
Yeah, that's all of open source. The only thing that would separate this from any other open source TOTP app is how popular it got OR if that open source app was funded by a for-profit company like Bitwarden is.
You mean everything without a big name attached. Being open source doesn't play into it. (Except that it gives you the theoretical option to verify and build it yourself, or to get it from a trusted third party who did.)
It's just a lot of downside for almost no upside. Cool idea, though. Maybe it can be repurposed for some kind of RNG app, like a dice app for Dungeons and Dragons or stuff like that.