[madeofpalk]

The web lacks intentionality that installed 'native' apps have. You search for a recipie and land on a random blog, executing untrustable code from a countless number of third parties, clicking "I agree" on that modal that says "LiveLaughLove blog and out 1382 partners value your privacy".

Native apps have a much higher level of friction at multiple points that helps balance the higher level of access they get.

[agust]

The APIs coming with a security or privacy risk are always gated by a permission prompt on the web (contrary to platform-specific apps). Safari has gone even further by only allowing some of them (e.g. Push notifications) for installed web apps.

These APIs are also much more restricted than their proprietary-ecosystem equivalent.

Overall, web apps having access to these features in Chrome are an order of magnitude safer than platform-specific apps.