Webapps are already protected with the same privacy and security protocols the browser imposes on webpages. What can a native app possibly do that's such an egregious invasion of privacy that a webpage can't do? Filesystems are encapsulated, hardware apis require permission, and cameras now have a nice active indicator. What can anything possibly do anymore that hasn't been fixed in all of web2?
> Webapps are already protected with the same privacy and security protocols the browser imposes on webpages.
Yes. And Bluetooth/USB etc. pierce that sandbox and communicate to devices outside the browser.
And no, you can't "fix it" with a simple "oh hey this page wants to access a device".
Hint: we can't successfully ignore prevent people from phishing sites and scammers, but sure, let's give an untrusted execution environment full access to everything.
> What can a native app possibly do that's such an egregious invasion of privacy that a webpage can't do
Webpage doesn't have full access to file systems (and Chrome wants to give full access to file systems), or to USB/Bluetooth/etc. (and Chrome wants to give full access to that), and...
Once again. "Hey, we know that native apps are a nightmare for privacy and security, why would you oppose making the web more like native " isn't a good argument".
Also, hint: native apps exist beyond mobile.
Also, hint on filesystems: even though they are encapsulated, that encapsulation differs greatly between systems, and having, say, full access to cloud files is just as bad.
> Webapps are already protected with the same privacy and security protocols the browser imposes on webpages
You can disable commonly abused/exploited things like service workers and still use most websites just fine, while a webapp might depend on having that functionality enabled reducing your security when using websites and webapps.
> What can a native app possibly do that's such an egregious invasion of privacy that a webpage can't do?
