Is Google prompt safer then authenticator app for 2-step verification?
Google is using push notifications for that service, I'm assuming. This puts the security roughly equivalent to an SMS-based MFA. As you point out, they both provide an opportunity for an attacker to intercept an authentication code destined for you, or to find some way to convince Google to send the code to them directly instead of your phone.
The security analysis of a push notification-based system versus an SMS-based system then is going to be up to the specifics of the transfer protocol (i.e. is it easier to intercept SMS traffic than push notifications, or vice versa). This is the interesting question, and one I don't know the answer to.
However, neither is going to be much safer than the other, given the inherent limitations of a network-based authentication method for "something you have". The difference between them and an HOTP/TOTP app, or a hardware MFA device, is much more, and in turn the difference between using any of these methods and using single-factor authentication is even larger. So from a practical perspective I think the question, while interesting, doesn't matter: any form of MFA is better than not having one at all, and if you really care about your security, you should be using a non-network-based second factor.
I'd guess the primary reason Google is rolling this out is not for increased security over SMS 2FA, but ease of use (which means people are more likely to use it instead of forgoing MFA entirely).
There are inherent risks involved in both methods of 2-Factor-Authenticantion that you mention - Google's Authenticator app and SMS. Determining the level of safety will not be black and white - it will depend on which risks are more acceptable to you and your use-case.
But, to specifically answer your question: "Is it safer, considering that it implies data in transit?" - No, it isn't.
SMS methods of 2FA are susceptible to what is known as a 'SIM Swap' attack. Attackers who have used phishing and other social-engineering style attacks to obtain the victims personal information - including banking details - (as well as pulling details freely from social media) convince the mobile service provider to deactivate the current SIM and activate one in the attackers possession. All new SMS's are then sent to the attacker, including 2FA SMS's - in plain-text.
There are still pro's and con's for both Application and SMS 2FA - this article sums them up quite nicely.
I personally would recommend using Application-based authentication as much as possible, and increasing personal security of my device that controls that Authenticator.