I don't think they need a phone number if you use the Google Authenticator app on your phone. The pin for that is generated based on an initial random seed and the current date/time, not your cell number.

They do require it. If you remove it 2-factor-authentication is disabled.

Nothing says that number needs to be your mobile (or one that you have regular access to) but you do need to provide one.

Does that mean that you could use a Google Voice number? Presumably they already know that one, so "divulging" it shouldn't be an issue. ;^)