While we were waiting for the perfect cross-platform solution, we underestimated the web standards that we've always had in front of us, and are slowly becoming the perfect, powerful common denominator.
sort of. From a user perspective, the app security model is brokered (by a store) while the web security model is a direct ad-hoc relationship to whoever [you _think_] owns the domain you are on. Apps tend to need reviews for republication, while a website could change owners (through acquisition, domain expiry or other exploit) at any given time.
Modern systems sandbox both application access for security exploit reasons as well as user privacy reasons. The web lets apps talk to one another arbitrarily, embed one another in frames, and so on.
Because of this, hardware access will always be significantly more constrained than store-reviewed apps.
