I pointed this out on like the day after release or something. I even pointed out how verification of apps can happen that you can't really do with webapps (you know, hash the apk). I pointed out that it just has an unreasonably larger attack surface. I then linked to a tweet by a web wallet dev who went through all the security problems they experienced and why they no longer do web wallets.

At the end of the day though, Tony has created an apk for Mutiny, which you can compile and hash to check against the precompiled binary.

https://github.com/MutinyWallet/mutiny-web/releases/tag/v0.4.8-1