All app-based 2FA I've used required a phone number at least for the initial setup and creation of an account. And they might ask again for phone confirmation whenever they think there was any unusual activity from the account - which can mean anything, even just normally logging in, on the same device you've always used, but from a different browser than what you normally use.
If none of that is required, then I haven't heard of it. Anyways, for the kind of 2FA you describe, the service must support it. Personally I still wouldn't use it because like I have said, for me the inconvenience of 2FA far outweighs the risks of not using it except for the most critical services. So I hope it remains an optional thing.
Strong passwords really are everything you need. Fact is, people who have bad opsec will always find a way to screw things up and end up having their accounts hacked or invaded, no matter how many hurdles services put in the process. There comes a point where anything they add to "enhance security" only ends up inconveniencing users. Ideas like phasing out passwords are just so they can have more control over their users and better spy on them, adding security is just an excuse.