Companies use it as a cheap and easy way to combat spam without any engineering on their end. It's purely out of financial interest, nothing more. The mobile apps which require a phone number to use are doing this because if they only required email to sign up they'd have people sniffing their API and very quickly overwhelming it with fake accounts, and the cat and mouse game begins.
By forcing the users to validate with a phone number, they're essentially pushing their spam problems upstream and out of their hands. More sophisticated actors know it's possible to automate SMS verification, but it does stop a lot of spam at the door.
There's no reason that a service's "proof of personhood"/anti-bot mechanism has to be the same as that used for OTP delivery, though.
Google does this very well: They require a phone number of spam account creation prevention – once. After that, I can delete the phone number from my account and use a FIDO key, TOTP or any other 2FA method.
By forcing the users to validate with a phone number, they're essentially pushing their spam problems upstream and out of their hands. More sophisticated actors know it's possible to automate SMS verification, but it does stop a lot of spam at the door.