It's bizarre. Why is a Google app using an application specific password instead of your authentication code? The only reason an app should not use the two factors is if it's some legacy protocol that only takes a single userid/password pair. WTF.