I have noticed some concern with 2FAS making connections to Google owned domains (example from a different thread):
I tried to see for myself what domains the app connects to, so I opened the built-in iOS App Privacy Report feature and this is what I got (I excluded the iCloud backup and the 2FAS domains):
• firebaselogging-pa.googleapis.com
• firebaseinstallations.googleapis.com
• firebase-settings.crashlytics.com
• fcmtoken.googleapis.com
• device-provisioning.googleapis.com
• ocsp.pki.goog
After turning off analytics in the 2FAS settings (and restarting the app), it stopped contacting all but one Google domain – specifically firebaselogging-pa.googleapis.com.
A Github issue has been already opened about the problem and thus the developer is looking into it.
EDIT: Here is a Github issue that mentions all the domains that the app connects to.