Europol dismantles SIM box operation renting numbers for cybercrime

Why would you assume they are shady? And shady in what way?

I 100% subscribe to the idea that phone numbers should be removed as a 2FA option in that, nobody should use their phone number as a 2FA method.

Unfortunately, it’s not that simple.

First, many services require that you share your phone number in order to create an account, let alone enable 2FA via other methods (TOTP Token / Yubikey). So at the very least, you need a phone number to set up these methods.

Can you remove or stop using these numbers later on? Sure. But you should probably wait a while. At least a month. I made the mistake of losing my SMSPool number after I enabled 2FA via an authenticator app, and my account was locked within 48h.

There are valid reasons for a phone number requirement

Although I don’t believe for a second that your account security is the only or even the primary reason websites require a phone number to enable other types of 2FA, there is some validity in that requirement.

The truth is, if most websites allowed you to enable 2FA without using a phone number, and people got locked out of their accounts because they lost their YubiKey or their phone with their authenticator app, they would blame the website for not having alternative methods to access their accounts. Even though IMO they would be in the wrong, it would still likely spark a lot of backlash.

Authenticator apps used to suck

For a long time, most 2FA apps did not have cloud backup and could not sync across devices, which means you could only have them on one device, and losing it or access to the app meant losing access to your accounts. I also don’t get the impression that the most popular 2FA apps are apps that can sync. That needs to change.

If we lived in a time when buying a prepaid SIM card in most countries didn’t require ID registration, I would probably have less of an issue with websites requiring a phone number. But that world is gone.

The solution: give multiple loud warnings

IMO, websites should allow creating an account and enabling 2FA without a phone number, with a caveat. They warn you multiple times that if you lose your YubiKey / recovery codes / device with 2FA tokens, you risk losing access. Let people understand the risks and accept them.

Also give them some recommendations to back up their tokens. Tell them to use an app that syncs across devices, like Ente. Tell them to write down their recovery codes not just in their password manager, but physically in a secret notebook that is stashed securely.

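Added example, not part of the post above or any real service's code: a minimal server-side model of the phone-free setup the post argues for. It shows that an authenticator app only ever holds the TOTP seed (so "syncing" just means copying that seed to another device), that single-use recovery codes give a fallback path that needs no phone number, and how the "loud warnings" can be derived from account state. All names (`Account`, `second_factor_login`, `lockout_warnings`) are hypothetical; the HOTP/TOTP math follows RFC 4226 / RFC 6238 with SHA-1 and 30-second steps.

```python
# Added example (not from the forum post): server-side 2FA state without a phone number.
# The only secret the authenticator app needs is the TOTP seed; recovery codes are
# stored hashed and burned on first use. Hypothetical names throughout.
import base64
import hashlib
import hmac
import secrets
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from wall-clock time."""
    return hotp(secret, unix_time // step, digits)


def authenticator_app_code(seed_b32: str, unix_time: int) -> str:
    """What any synced or unsynced authenticator app does: decode the seed, compute TOTP."""
    return totp(base64.b32decode(seed_b32), unix_time)


class Account:
    """Per-user 2FA state; no phone number is stored or required anywhere."""

    def __init__(self, username: str):
        self.username = username
        self.totp_secret = None          # bytes once enrolled
        self.recovery_hashes = []        # sha256 hex digests of unused codes

    def enroll_totp(self) -> str:
        """Generate a fresh 160-bit seed and return it base32-encoded for the app/QR code."""
        self.totp_secret = secrets.token_bytes(20)
        return base64.b32encode(self.totp_secret).decode()

    def issue_recovery_codes(self, count: int = 8) -> list:
        """Return plaintext codes exactly once; keep only hashes so a DB leak reveals none."""
        codes = [secrets.token_hex(5) for _ in range(count)]  # 40 bits of entropy each
        self.recovery_hashes = [hashlib.sha256(c.encode()).hexdigest() for c in codes]
        return codes

    def verify_totp(self, code: str, unix_time: int, window: int = 1) -> bool:
        """Accept codes from adjacent 30 s steps to tolerate small clock drift."""
        if self.totp_secret is None:
            return False
        counter = unix_time // 30
        return any(
            hmac.compare_digest(hotp(self.totp_secret, counter + k), code)
            for k in range(-window, window + 1)
        )

    def redeem_recovery_code(self, code: str) -> bool:
        """Burn a recovery code on use; presenting the same code again fails."""
        digest = hashlib.sha256(code.strip().lower().encode()).hexdigest()
        for i, stored in enumerate(self.recovery_hashes):
            if hmac.compare_digest(stored, digest):
                del self.recovery_hashes[i]
                return True
        return False

    def lockout_warnings(self) -> list:
        """The repeated warnings the post asks for, derived from the account's state."""
        warnings = []
        if self.totp_secret is not None and not self.recovery_hashes:
            warnings.append("No unused recovery codes: losing your authenticator locks you out.")
        elif len(self.recovery_hashes) == 1:
            warnings.append("Only one recovery code left: generate a new set now.")
        return warnings


def second_factor_login(account: Account, submitted: str, unix_time: int) -> str:
    """Return which factor satisfied the second step: 'totp', 'recovery', or 'denied'."""
    if account.verify_totp(submitted, unix_time):
        return "totp"
    if account.redeem_recovery_code(submitted):
        return "recovery"
    return "denied"


if __name__ == "__main__":
    acct = Account("alice")
    seed_b32 = acct.enroll_totp()
    codes = acct.issue_recovery_codes()
    now = 1_700_000_000  # constructed timestamp
    print(second_factor_login(acct, authenticator_app_code(seed_b32, now), now))  # totp
    print(second_factor_login(acct, codes[0], now))                                # recovery
    print(second_factor_login(acct, codes[0], now))                                # denied
    print(acct.lockout_warnings())
```

The point of `authenticator_app_code` is that a second device loaded with the same base32 seed produces the same codes, which is all a "syncing" app does under the hood; the point of `redeem_recovery_code` is that a user who wrote the codes down, as the post recommends, can get back in after losing the device without the site ever needing a phone number.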