HACKER Q&A
📣 kensdorf

Why is there no built-in authenticator app in iOS or Android?


2FA via SMS is known to be flawed, yet it is by far the most common method. I think more sites would offer 2FA via authenticator apps if they didn't have to ask you to download a third-party app.


👤 ggm Accepted Answer ✓
The flaw is in number porting. Your phone number is not adequately identifying because social engineering attacks can cause it to move.

If the device secure zone integrated with a Google auth app or OKTA then for Data, I think it's a good choice. But SMS is not about that: it's about the attack on the integrity of your ownership of routing of the number to "you".

I suppose I am saying that with a trusted zone, and a secure credentials store on the device, I too would have expected Google Authenticator to be built in to the Google pack.


👤 tristador
For Android, preinstalled apps are set by the phone manufacturer. I suppose each manufacturer could pick their favorite 2FA app and install it. There is some pressure not to install apps that the user doesn't need as it's bloatware. I'm not sure what percentage of users currently use an authenticator app.