We disabled it on matrix.org because it was being used for 2FA SMS fraud, costing us $$$K, and we didn't want to burn time building an anti-fraud system. Getting access to everyone's phonebooks is also a privacy risk (even if you do fancy stuff with SGX like Signal does).
Meanwhile, government deployments typically have LDAP or similar to discover users - and so it hasn't come up as a big requirement for the folks generating $. It's on the radar though as one of the main blockers for mainstream uptake... but right now we're trying to keep the lights on first before focusing on accelerating mainstream uptake.
That makes sense, hopefully it’s something that can be resolved sometime soon. Would be great if mainstream people have another, privacy conscious, alternative to big tech…
(which everyone uses who follows the default App setup flow.)