Many apps allow the user to authenticate with their phone number, by having the user enter it, and then sending an SMS with a code to be entered into the app. Very few (if any that I can find still active), simply present the SMS interface, and have the user send an SMS with a verification code to the server. I can think of a few reasons for this, but none that really seem to rule it out for me:
None of these seems like a real reason not to do it, but for some reason the big names like WhatsApp, SnapChat, Facebook etc. all seem to avoid it. Can anyone think of any major reasons to not do this, or have any insights as to why it is not more common?
It's quite easy to send an SMS message that appears to come from the phone number of your choice without actually controlling that number. And so sending an SMS from a number doesn't verify your ID in the same way as receiving an SMS to a number.
Since no one has mentioned, sending SMS (by customer) does cost money, atleast in developing countries. Besides the validation server can be in a different country. Personally, I won't want to send a costly SMS to US from Japan. Since server sends SMS through 3rd party SMS providers, they don't have to face that much cost per SMS.
The point of text-message verification is to confirm possession of your phone, not to have you make contact.
Two factor authentication usually requires something you know (a password) and something you have (a security key, dongle, or your cell phone etc.).
The idea is that even if a scammer in a remote area were to compromise your password, they would not be able to physically rob you of the phone.
It doesn’t actually matter who sends the message.
As the rest has been addressed, I will focus on one small point:
Sending an SMS could cost the user, and without having local numbers for every country, it could cost a significant amount
This is not how sending SMSes work. You typically do not have a number. You use a provider, such as clickatell.com. The give you a API, which you can use to send text messages. The actual cost typically depends upon the country, with developed countries generally being cheaper - but not upon how close they are to you.
You can typically choose your shown sender freely with such services, and this includes the familiar alphanumeric senders, such as Google. As you never expect a reply to 2FA messages, you don't really want a number.
Generally speaking sending SMS to the user makes it easier for the customer. And all businesses want to make things easier for their customers. Consider the following cases:
Adding to to Mike's answer, below could be another reason for not to send SMS from user to server.
By doing this you are opening the 'Inbound Interface' of your server and accepting connection from untrusted network. This may me rated high risk than sending SMS from server, where you open only the 'Outbound Interface'.