Why require a phone number to attach Bnet app authenticator?

So my son had an account that was old enough to still use the small keychain token authenticators. We were worried that since the thing is like 10+ years old it might kick the bucket soon so thought “hey, let’s remove the token one and add the app one from your phone”. Apparently a bad idea… once the token authenticator was removed we find out you can’t add a new authenticator without adding an (unused) phone number first.

Just… why? Why would you lock the ability to add security to your account behind some arbitrary restriction like that? Especially when the account had previously worked fine WITH an authenticator and WITHOUT a phone number for more than a decade.

Normally I’d say “well this is incredibly stupid and short sighted but fine, whatever” except he had created another account at some point over the course of that decade+ and had attached his phone to that account. So now he has an account that used to have 2FA that can’t be added back. Thanks Blizzard; appreciate it.