There has been a lot of papers published of Authenticator (OTP) vs Test Message OTP for authentication. Both offer additional security however Test Message OTP is less secure as compared to Authenticator type OTPs. Attackers can still work on SIM swap attacks, phone carrier attacks (most attack remote) Authenticator sits on the phone, so an attacker would need physical access to the device, or the user would backup the authenticator passowrds/codes and store it insecurely.
2-factor still better than no-factor, and yeah email factor is bad cause many times the compromised accounts usually means the email accounts are compromised too