Apps have a lot of access to your device and it's details that can de-anonymize you. You can block most permissions (not all) but why bother. Web browsers can be run to avoid a lot of the fingerprinting and access to meta data. Second you can access the PWA from anywhere not just your device. This is useful if for example when you keep your money and finance apps segregated in a secure container on your phone and have to scan the qr code to pay because you can't open the lnurl generated by the app, running outside the container, directly. And lastly I try to reduce the amount of vectors and meta data created for bad actors to use.

So it's not that I don't trust the btc company it's that I just don't want to leave too many breadcrumbs around that can be used by bad actors along with the security leaks from sites that collect too much data. No need to make it easy for them.

Just my 2 sats.