Here are the two specific criticisms in the article:

> Phishing emails from “@google.com” made it into Gmail.

> Google enabled Authenticator cloud sync by default.

Both of these seem like fair points where one could reasonably expect one of the largest companies in the world to spend a tiny amount of money on security improvements which would make it harder to attack their customers. Not following Apple’s lead on security for Authenticator is especially disappointing since they have no shortage of good security engineers.