@Shaunkoh @SwiftOnSecurity at least it rules out direct attacks through careless mobile phone providers and weaknesses in 2G…5G, yes.

I would consider app based 2FA safer, but not safe enough for critical purposes. Your smartphone is probably connected to your PC in some way (same local network, same Apple/Google/whatever account, same messenger app(s), some synchronization solution, maybe a common backup solution, …), so those are not fully independent. In other words, if an attacker controls one of them, it is easier to gain control over the other.