The short answer is, you need to validate phone numbers every 6 months (which is the time phone operators keep the number closed when people change numbers) if you need 100% confidence that they are the real owners.
This is a problem if you are relying only on phone-numbers as a factor, which Lyft was (so was Uber, in some markets). In reality, a lot of the time you verify the phone number and present a password challenge (aka ask for password) so it's not a huge problem.
But then, you'd need to handle the case when Alice signs up in with the phone number 123, then changes their number to 456, and 6 months later Bob signs up with 123 because they are the new owners. Now, Alice has to provide a new number (with some Grace period) and Bob has to be eligible for all the promos / signup goodies that were previously tied to that 123 number again.
This is a problem if you are relying only on phone-numbers as a factor, which Lyft was (so was Uber, in some markets). In reality, a lot of the time you verify the phone number and present a password challenge (aka ask for password) so it's not a huge problem.
But then, you'd need to handle the case when Alice signs up in with the phone number 123, then changes their number to 456, and 6 months later Bob signs up with 123 because they are the new owners. Now, Alice has to provide a new number (with some Grace period) and Bob has to be eligible for all the promos / signup goodies that were previously tied to that 123 number again.
Software is hard.