[danShumway]

I used to have this perspective, but recently I've started to find it problematic.

Curation, while effective, is always a monkey patch on top of security. Ideally, I want to sandbox code. I don't want to have to trust it. I think it's unnecessarily limiting to assume that users should only ever run code that they trust.

In fact even native apps already try to do some sandboxing through a permission model. It's just that their permission model is less effective than the web, gives users less control, and leaks more information.

I'm also not sure that this matches my real world experience. I might use Facebook messenger or Twitter on my phone's browser. Installing something like Matrix makes me feel even better about that. I would never install their native app.

In theory I trust apps more than websites, but in practice I find that I usually view the app store with just as much suspicion as I do a random website.