The Google Authenticator project includes implementations of one-time passcode generators for several mobile platforms. One-time passcodes are generated using open standards developed by the Initiative for Open Authentication (OATH) (which is unrelated to OAuth).
The pluggable authentication module (PAM) is in a separate project.
The Android app is in another one.
These apps are not on the app stores, and their code has diverged from what's in the app stores, so patches here won't necessarily show up in those versions.
These implementations support the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238.
Further documentation is available in the Wiki.