Yes, those are all valid and important points -- as I said above, mobile operating systems have taken the browser's conceptual model and improved it. They've made technical improvements (using the kernel's security policies and mechanisms) and non-technical ones (providing a trusted distribution channel with the ability to ban malware apps). I agree that browsers are behind in important ways.
But I'm not so sure that local kernel exploits are that much rarer than, say, Chromium sandbox exploits, which play a similar role in mitigating vulnerabilities exposed to untrusted code. (Not all of those monthly vulnerability announcements actually allow code execution.)
I think in practice the curated App Store model helps much more to prevent outbreaks of attacks in the wild. Google Play, which does not review apps before publishing them, has had malware problems. And since users and usability are still a weak link in the permission system, not all mobile malware even needs to circumvent technical measures to gain the privileges it wants.
And browsers still offer safety advantages over native apps on the desktop systems that currently account for the majority of browser usage.