When considering these two approaches you first need to appreciate how they differ, where each method is weakest, and then compare the level of difficulty an attacker would face in breaching each of these authentication methods. Both methods require a One-Time password to be entered during the logon process but differ in how the code is obtained by the user.
The SMS authentication method relies upon the required code being sent to the authorised users mobile phone via an SMS message - if the code is not sent to the authorised user, but to a device in the possession of someone attempting to hack into the account, then the method is compromised. Unfortunately the simplest (and most widely used) attack vector is for attackers to request a sim transfer (simply put the attacker persuades the phone company to transfer the users phone number to them and in doing so obtains all SMS messages sent to the user).
When using google authenticator this attack approach will not help an attacker as the code is generated on the user’s device via an installed app. As a result the attacker would need to either take control of the user’s phone (e.g. via a virus), or they would need to somehow obtain the seed data that is sent to the users device (before the app can be used data has to be sent to the mobile app, if the attacker either manages to get this data sent to them, or discovers the seed data from previous emails/SMS messages sent to the user), then once in possession of the seed data the attacker would be able to generate one-time passwords on an app installed on their own device.
From a hackers perspective intercepting the SMS messages (either by the sim-swap method or by hacking into the phone network itself) is generally a lot easier than obtaining the seed data as typically the seed data is only sent once to the user whereas using SMS messaging the codes are sent each time the user logs in.
As an alternative to both these methods hardware tokens could be used to produce the required one-time passwords. The advantage here is the hardware tokens are self-contained devices that the users would be in the possession of the authenticating user. They come pre-seeded, and no data is sent to the devices, so no interception is possible via a potential hacker (which greatly complicates any approach the attackers may take.
There is an attack vector that all 3 of the above methods may be vulnerable to - man in the middle attacks (and its variants). In these types of attack the user is tricked into providing their OTP codes to what they believe is the logon screen, but actually is passing the data to the attackers hardware directly. To protect against this type of attack you would probably switch from an OTP authentication approach and use a FIDO (or FIDO2) key instead.
So in answer to your original question, authentication methods based on SMS messages are probably the weakest in terms of security, with google authenticator being stronger, hardware tokens being stronger still and possibly FIDO keys being strongest overall (that being said even FIDO keys have their weaknesses - for example, most require you to physically connect the devices via USB connections which introduces different security weaknesses).
