And this in spite of the National Institute of Standards and Technology in the US strongly recommending against using SMS as a 2nd factor authentication since 2016!
Why yes. Because SMS isn't good enough, the sekhurity industry decided everyone needs to use apps instead, since they can communicate over SSL and are harder to spoof, and then threw in remote attestastion for extra sekhurity.