For Android, if you happen to use Keepass as your password manager, I really like KeePassDX[0]. If the camera app you use doesn't support QR scanning, though, you'd need an app for that (and I don't think any FOSS camera apps implement this, as for as I can tell).
This one[1] seems the most up-to-date, by a German research group. You'd share the link as text to the KeePassDX app, search for the entry it's for, and it populates it with the HTOP/TOTP secret.
There are iOS Keepass clients that support this as well, though from what I can tell there's some drama with source code[2][3] in the landscape.
We are undergoing the same CASA audit (required to access Google Drive API). And we do have people forking and building the project from source, so one can hope they read what they compile. Strongbox' source code is half-closed (see #784 in their repo) so source-level independent audit is impossible.
Otherwise, no. A third-party audit costs like a year of part-time developer, and at this stage the developer is more useful.
This one[1] seems the most up-to-date, by a German research group. You'd share the link as text to the KeePassDX app, search for the entry it's for, and it populates it with the HTOP/TOTP secret.
There are iOS Keepass clients that support this as well, though from what I can tell there's some drama with source code[2][3] in the landscape.
[0] https://f-droid.org/en/packages/com.kunzisoft.keepass.libre/
[1] https://f-droid.org/en/packages/com.secuso.privacyFriendlyCo...
[2] https://github.com/MiniKeePass/MiniKeePass/issues/606
[3] https://keepassium.com/articles/keepass-apps-for-ios/welcome...
And other allegations under the ethics & transparency sections of KeePassium's list of iOS alternatives https://keepassium.com/articles/keepass-apps-for-ios/