[TheOtherHobbes]

It's the same things for web apps, with added near-infinite possibilities for spam.

[nailer]

It's permission based. Read the linked spec.

[TheOtherHobbes]

Are the permissions fine-grained enough to give users the power to say Yes to useful content and No to intrusive marketing messages?

Or is the option to include that choice going to be left to site designers?

[nailer]

I can't see that in the spec, so no. Like most things, if you don't like an app, you can revoke it's privileges and uninstall it.

The questions you keep asking are basic things solved by reading the article - you seem to have concerns, but you haven't done the minimum amount of work necessary to determine whether your concerns are valid.

[domenicd]

Permissions are per-origin.