Let me explain. Say you order food online — you’d want a notification to update you, instead of having to manually refresh a webpage. So you prefer using the app. But what’s the guarantee the company won’t also send you marketing notifications? You give contact permission to access just one contact, but what’s stopping the app from uploading your whole contact list to their servers? You allow location for one check-in, but they start logging your GPS every minute? Every permission asked & given for right purpose end up as consent-full data siphons.
And honestly, if the app world hadn’t taken off, the web would have invented its own version of permission systems. So yeah, I dis/agree with the article’s title — web can do everything apps can; including the shady data siphoning.
Some people might argue that they need excessive data to serve right ads, make money and keep the app free — the only way. But I don't think so, even if you pay for the app, they will need excessive data to ensure you keep renewing.
Browsers have a notification feature where websites can send you notifications, and it's usually enabled by default.