by sand500 1346 days ago
SMS 2FA is not secure. Lots of HN posts about it:

https://hn.algolia.com/?q=sms+2fa

3 comments

SMS 2FA is basically the same as TOTP against phishing. It is worse in that you can be hit with sim-swapping. Phishing is many orders of magnitude more common than sim-swapping. There is a real difference between these two options, but it is wildly overemphasized online. The gap between SMS/TOTP and a Yubikey or equivalent is way larger.
I was not suggesting SMS 2FA when I referred to "Smartphone-based solution". I meant relying on Secure Enclave or alike on the smartphone as the second factor in a challenge-response fashion that makes the "OTP" bound to a specific domain and thus unphishable.
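The domain-bound challenge-response that comment describes, as an added illustration (this is not code from the thread or from any product it mentions): a per-site key on the device signs a challenge together with the origin the browser actually loaded, so a look-alike site relaying a real challenge gets a signature the real site rejects, while a TOTP code carries no origin and relays fine. Assumptions: the origins example.com and examp1e.com are constructed; an HMAC key stands in for the authenticator's asymmetric key, so the server here holds the same key (real WebAuthn stores only a public key); and a real browser refuses the request one step earlier, because the credential's rpId must match the page's domain, which this simulation skips so that the server-side origin check is visible.

```python
import hashlib
import hmac
import json
import secrets
import struct
import time

RP_ID = "example.com"                 # assumed relying party (constructed, not from the thread)
REAL_ORIGIN = "https://example.com"
PHISH_ORIGIN = "https://examp1e.com"  # constructed look-alike phishing origin


class Authenticator:
    """Stand-in for a Secure Enclave / security key holding one key per relying party.
    Simplification: an HMAC key stands in for the asymmetric signing key, so the
    relying party below holds the same key; real WebAuthn stores only a public key."""

    def __init__(self):
        self._keys = {}

    def register(self, rp_id):
        key = secrets.token_bytes(32)
        self._keys[rp_id] = key
        return key

    def sign(self, rp_id, client_data_hash):
        return hmac.new(self._keys[rp_id], client_data_hash, hashlib.sha256).digest()


def browser_get_assertion(authenticator, page_origin, rp_id, challenge):
    """The browser, not the page, writes the origin it actually loaded into clientData;
    a phishing page cannot override it. (A real browser would also refuse here when
    rp_id does not match page_origin; that check is omitted to show the server side.)"""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": page_origin},
        sort_keys=True).encode()
    signature = authenticator.sign(rp_id, hashlib.sha256(client_data).digest())
    return client_data, signature


class RelyingParty:
    def __init__(self, origin):
        self.origin = origin
        self._keys = {}      # user -> registered key
        self._pending = {}   # user -> outstanding challenge

    def register(self, user, key):
        self._keys[user] = key

    def new_challenge(self, user):
        challenge = secrets.token_urlsafe(32)
        self._pending[user] = challenge
        return challenge

    def verify(self, user, client_data, signature):
        data = json.loads(client_data)
        expected_challenge = self._pending.pop(user, None)  # single use: no replay
        if data.get("type") != "webauthn.get":
            return False
        if data.get("origin") != self.origin:               # domain binding: the unphishable part
            return False
        if data.get("challenge") != expected_challenge:
            return False
        expected_sig = hmac.new(self._keys[user],
                                hashlib.sha256(client_data).digest(),
                                hashlib.sha256).digest()
        return hmac.compare_digest(expected_sig, signature)


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238 TOTP over HMAC-SHA1: a function of secret and time only, so nothing
    ties a code to the site it was typed into."""
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def setup():
    auth = Authenticator()
    rp = RelyingParty(REAL_ORIGIN)
    rp.register("alice", auth.register(RP_ID))
    return auth, rp


def legit_login():
    auth, rp = setup()
    challenge = rp.new_challenge("alice")
    client_data, sig = browser_get_assertion(auth, REAL_ORIGIN, RP_ID, challenge)
    return rp.verify("alice", client_data, sig)


def phished_login():
    """Real-time relay phishing: the attacker starts a genuine login to get a challenge,
    shows it to the victim on the look-alike site, and forwards whatever comes back."""
    auth, rp = setup()
    challenge = rp.new_challenge("alice")
    client_data, sig = browser_get_assertion(auth, PHISH_ORIGIN, RP_ID, challenge)
    return rp.verify("alice", client_data, sig)   # False: origin is examp1e.com


def phished_totp_login():
    """The same relay against TOTP: the victim types the code into the look-alike site,
    the attacker types it into the real one, and it verifies."""
    secret = secrets.token_bytes(20)
    now = time.time()
    code_typed_into_phish_site = totp(secret, now)
    return hmac.compare_digest(totp(secret, now), code_typed_into_phish_site)


if __name__ == "__main__":
    print("legit login:", legit_login())
    print("relayed WebAuthn login:", phished_login())
    print("relayed TOTP login:", phished_totp_login())
```

The check that does the work is the single `origin` comparison in `verify`; everything else (fresh single-use challenge, signature over the client data) is what makes that comparison trustworthy, since the attacker can neither strip the origin out of signed data nor reuse an assertion from an earlier session.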
Sorry, I didn't see that the SMS part was a quote of the parent.
Unfortunately, it's still better than no other factor, especially for most people.
Anyone have any examples of widespread violation of OTP for 2FA, something other than one individual who gave his buddy his phone or something?