Exactly, the 2FA recourse usually affects browsers and not apps. And comes on top of the password or PIN, rather than replacing it. Which seems like discrimination. And it’s not even secure, as you say.
This all feels very convenient. Like a subtle form of abuse, in the name of security, to push people away from the only platform where they have any serious chance of privacy.
The arguments about the insecurity of the browser context have some merit in the aggregate, but in the end all these considerations are relative to the individual user. Which makes the discrimination a form of collective punishment that might have a legal redress.