[jhasse]

Web apps would also have to get permissions like native apps.

But you're right that some permissions like complete file access might be a bit too much. They could implement it so that only signed Web apps installed through the app store would get such permissions.

[9gunpi]

The problem is not only permissions. The problem is that code execution model within anything a mile close to web and browsers is a security threat by itself.