That seems to be the point that I was missing in understanding what GAuth is basically about (and needed to know). But in that case, I can't possibly see how it can be safer than sms verification. Essentially, the hacker just needs to steal your GAuth code (which is simply your access key) to confirm anything which you set to confirm with it. Indeed, you would still need access to a user account for which the access code is being generated but you would anyway need this access to make use of a successful phone hack. Therefore, I guess, we can compare the security of these two methods of authentication directly, and I don't see any advantages of Google Authenticator. Stealing this key is likely much easier than hacking a phone
What else am I missing here?
The problem with SMS verification is that sometimes you don't have your phone with you. Unlike a 2FA google authenticator where you can install it on your PC, tablet, phone or whatever device that supports it. Though, I would say it is a layer of security that would not really be hard to crack like you said. An SMS verification is much more secure but give a lot of hassle in my opinion.
I'm not sure if I'm quite correct on this (I just vaguely remember something like that) but mobile operators (at least some of them) may allow you to access copies of sms sent to your phone through their online services. Thus if you have this option enabled, you can see the confirmation SMS codes even without your phone nearby. Regarding GAuth, its use might be really counterproductive if Google left some hole in it, either intentionally or inadvertently...
So if someone finds it, the app itself could potentially lead to money loss
