Just use the Google Authenticator's "Privacy Screen" which requires a PIN, pattern, or biometric verification to open the app. This renders this hack unusable ;-)
Unless you social engineer to export the auth code as QR, take a screenshot, extract the secret key which is pretty much in plain bytes and use it to generate TOTP.