So are you willing to have native code pushed to you with no control over it? Because that's the major logistical advantage of webapps that has Enterprises trying to use them.
Untrusted native code isn't strictly necessary. There is no need for locally-run software to be in any particular form, so long as it doesn't depend on the developer's server to function.
Java bytecode is excellent precedent for what is broadly possible. There are problems with it, but most of what's missing for the end user is a better degree of convenience and control.
Actually, the iOS model isn't that great IMO. Rather than relying on verifiably safe bytecode, Apple uses a combination of TrustedBSD-based technology on the phone, and human-directed testing in their labs, in an attempt to keep native code from doing things they don't want it to.
I think this is backwards for what they're trying to achieve, and I think that's part of the reason their app review process is such a pain in the ass.
