My understanding is that fake users can still download an app (or call the API the app would have called), but a phone number is harder to continually spoof/generate.