Shit. I am running the iOS 7 beta with automatic app updates, and I already have the new app.
I am considering wiping my phone and restoring it from a previous backup with the old copy of the app.
Edit: I was still logged in from my browser, and was able to activate the new version without entering a code from the deceased version of the app.
From this, it seems theft of your cookies could let an attacker completely take over your account and two-factor device if they know your account password and you have chosen to trust the victim computer.
If you have a password on your backups, the codes are in your backed-up keychain. (Google Authenticator doesn't mark its keychain entries as "keep on device".) You'll need to patch iphone-dataprotection to handle a the iOS7 keychain format (I added a patch to the bug tracking database.)
I am considering wiping my phone and restoring it from a previous backup with the old copy of the app.
Edit: I was still logged in from my browser, and was able to activate the new version without entering a code from the deceased version of the app.
From this, it seems theft of your cookies could let an attacker completely take over your account and two-factor device if they know your account password and you have chosen to trust the victim computer.