May not be as ideal as it requires manual selection but Chromium has a visible share button for QR on the address bar. Or you can use Pushbullet/Join/KDE Connect to share links with your phone.

You have threat model to answer this question as privacy means different things to people and there are different privacy levels to every threat model. But to answer your question in a concise manner, any closed source operating system developed by commercial vendors is more likely to ship with/ introduce telemetry, user tracking and other kinds of spyware than an open one.

I remember losing Google Authenticator data when I had to format my phone. This was years back and didn’t have too many accounts setup. With Aegis I have an offline encrypted backup of all my 2FA codes so this is no longer a possibility. Before Aegis I was tempted to use Authy before I had to wait 24hrs to gain my access back after I reset my phone.

2FA on Android has always sucked (lazily created; app data CANNOT constitute and/or subsitute device trust). I wish I had got on to Aegis earlier.