I think the real story here is that the browser has really become the OS. But whereas before we left all decisions up to the users about what they could install and trust, and they trusted the dev to not do anything nefarious, the browser makers realized that users are a bad judge of character and devs cannot be trusted to be honest. So the browsers created a complex api access process to protect users from bad actors.
To move this sort of paradigm back into OS would require a wholesale re-write of APIs and how they're accessed.
Surprise! Both Apple and Microsoft did that, but neither of their new APIs caught on, because the benefit of being a native app was outshined by losing the easy access to the user data. So from the dev's stand point they may as well get the benefits of cross platform that web-apps afford if they're gonna have to deal with the gate-keeping anyways; native performance be damned.
To move this sort of paradigm back into OS would require a wholesale re-write of APIs and how they're accessed.
Surprise! Both Apple and Microsoft did that, but neither of their new APIs caught on, because the benefit of being a native app was outshined by losing the easy access to the user data. So from the dev's stand point they may as well get the benefits of cross platform that web-apps afford if they're gonna have to deal with the gate-keeping anyways; native performance be damned.