For gmail, Google texts me an auth code; the seed (if there is one) is in their data center. They could switch to seedless down the road since they own both sides of the auth.
I've never trusted the SMS auth; too easy to play phone routing tricks, and most high security environments don't allow phones or have coverage (of course there's also the same problem for no-phones for a phone-based TOTP; the solution is a physical token).