[miohtama]

TOTP algorithm is open, has RFC. Check Google Authenticator Wikipedia page for OSS clients.

I guess phone number is needed for the secure reset. In the case you lose the device this would render your account inaccessible.

[probably_wrong]

I do have an OSS client, but the very first step to enable Gmail's 2FA is to give your phone number.

I agree that there are good reasons for asking that, but the comment above apparently raises a good point, namely, that you apparently cannot enable 2FA without giving Google your phone number.